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would like to take this time to introduce ourselves to }K^ut 
We've added a couple new faces, and we will also put faces to the names 
you've seen for years. 



PiA\?VisUev> 

Heil TicWHn 

Ndl holds a Bachelors degree in LinguisticsA^ompiiter Science from 
UCIA, and an MR/\ in Knlrepreneursliip from ihe lliiiversily of 
Southern California. On a personal level, he is an avid photographer, 
an Eagle Scout, and the Federation Chid of the local YMCA Indian 
Guidc/Princcss organization (for huhers and sons/daiighters, the 
program has approximately 500 families in it), 
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Voive. K^^vk 

Dave is a long-time Mat: developer and author and has written a 
number of Ixioks on Macintosh development, including Learn C on 
die Macintosh, Learn C+-k on the Macintosh, and llie Macintosh 
Prognimming Primer series. Be stire to check out his web site at 
hUpy/www..spiderworks.com. 
ed i tor-i n-ch iefm actec h .com 
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Tm tike that Greek guy who keeps rolling die rock up die hill only 
to have it roll hack down again.” Jesiiica has been roding that rock, 
juid moving mountains (not to mention minor planelaiy^ bodies), for 
over 9 years as Managing Editor, Widi hoards of geek groupies, and 
a tall to bnng even the most jadeti him-fly to tetrs, she endees, 
cajoles, direatens, and often intoxicates die writer stable to make 
piibbslung deadlines even ncwsimpers envy. Bringing her wealth of 
experience tt) bear on die past, present, and future of MacTech, she 
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^o-PVw£j\v-e Ki?\vkefmg Coluv^nisH 
X)<^ve. Wool^/iiiAge 

Dave Wooklndj^e is tlie foiimter of Blectric Butterfly 
(ww.ebuUerflyxoiii), the award-wmuiug web design arid 
software dcvelopmefit eoitipany responsible for such products as 
Belplogic, Stimulus, LfniHelp, Web Services Libniiy^ and the 
popular developer site, RBCaragexom. 
dave_wooldriclge@niactech.com 
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ScoH- k:v\<?isfev 

Scott Knasier has been writing aliotn Macs for as long as there liave 
been Macs. Scott's book How To Write Macintosh Software was 
rcquii'cd reading for Mac progranuners for more tliaii a decade, and 
bis groiindbreiiking Miutintosh Programming SecreLs remains a cult 
classic. Scott's experience ranges from v^titing develo|)er books for 
General Magic to woi'king on award-winning Mac softwaa* for 
Microsoft. St:ott's b(K>ks have been uimslated into several hmguages, 
including Japanese and Pascal. Scott's latest l>ook is Hacking iPod + 
nimes. Scott has cvery^ issme of Mad magazine, w^liich explains a lot. 
sctitt_knsister@ mactech .cci m 



AppleScvipV 

licnjiuTiiii Widdie is president and CEO t)f Automalcxl Workflows, IlC, 
a comirajiy offering AppleScript and workflow automation consulting 
to Macintosli-based businesst^s. S'or years, Biiijaniin hits developed 
(U'ofessional Ai)pleStTipi-liased solutions for businesses across llie 
globe, including Adobe Systems, Apple Computer, NASA, PC World, 
and IV Guide Magazine. Benjiumn has presented at Manvorki, 
Seyboid, tind otlier iiopulai^ events, has Liiight custom A[>pleScn]a 
irahilng cksses, and autliorcd an introductory AppleScript trahiijig CD 
for The Virtual fraimiig Company. Benjamin writes a regular 
AppleScript colinrin for MacTcxh mi^azJne, is a contributing editor on 
MacScripter.net, and is prc'sideiU of Tlie Philiulelptiia Area AppleScript Lfsers Group. 
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Chief Know-lt-All for TackySliiil, (liltp:/Avww^tacky'sliiit.com/. He has 
over fifteen years of experience at making Macs work widi odier 
com[>uler systems. Joiin specializes in figuring out wajs in which to 
make die Mac do wliat nolK)dy diinks it can, showing dial die Mac is 
a superior administrative pkrdbrm, and teacliing odiei's how lo use it 
in iiiieresLing, if sometimes friglUeiiitig ways. He also does tilings tfiat 
don't involve computertry on occasion, or at least iliat's die rutiior. 
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Multiple formats. Multiple platforms. 
Complex installers. 

Aladdin solves the compression and installation puzzle. 
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compression formats and platforms? 

The Stufflt Engine solves the compression puzzle. 

Aladdin’s Stufflt Engine SDK: 
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>• Pro^^des a single API that supports over 20 compression and 
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> Makes self-extracting archives for either Macintosh or Windows. 

>• Available for Macintosh, Windows, Linux, or Solaris. 

Stufflt Engine SDK" 

The power of Stufflt in your software. 
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looking for the easiest and fastest 
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It’s not enough just to write solid code anymore. You still have to write an installer 

for your users. Stufflt InstallerMakcr makes it simple and effective. 

>• Stufflt InstallerMakcr gives you all the tools you need to install, uninstall, 
resource-compress or update youi‘ software in one complete, 
easy-to-use package. 

> Add marketing muscle to your installers by customizing 
your electronic registration form to include surveys 
and special offers. 

> Make demoware in minutes. Cremate Macintosh 
OS X and Macintosh Classic compatible installers 
with Stufflt InstallerMaker. 

Stufflt InstallerMaker 

The complete installation solution™ 
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A Few Words From Neil 

What’s going on? 


Every few years, it’s imp^)ilant for us to 
take a look at what's going on in tlie Mac 
Commimity, and how it relates to, and effects 
llie entire magazine. 

With MacTech Magazine now cclcl>niling its 
20ih Anniversary^, we wanted to give it not only a 
new kjgo, bin a brand new look. And, weVe taken 
a good Itx^ at wliat ilie comniLiniiy wanitxl—^in 
this ever-clninging, ever-evolving industry—atid 
weVe given ii to them, and to you. 

Tni SLiix^ you’ll siiU recognize it loi alioiii the 
magazine. We’ve lx;en changing, hut were 
keeping the Ix-st, and adding in a whole lot more 
in Uic way tjf anicles and resoutt^es. You’ll notice 
iJiat the magazine Is higgen Dial's we’re 

not taking away c'ontent. but adding to it. Die 
magazine lias long been for prcigrammers and 
develo)X‘rs, and now, the new MacTech b \ht all 
kinds of techs an llie Nkic,.. truly living up to its 
name, ‘'MacTech.’^ 

First, The Content 

For develoiXTS, you'll get tlie same great 
aintent, but also more infomiation on all kinds of 
interesting topic's that you've wondered alxiul, or 
encTiuniered in your own networks. You should 
expect to see continuing coverage of Xcode, 
Ccx’oa, Panther, Tiger and more. 

For non-[)rograinniing leclis, youTI see a 
constant stream of articles that will help you widi 
networking, web development, databases, server 
configurations, and more. You’ll leiirn more aixail 
Enterprise level solutions and support, working 
with PDFs, networking Mac OS X in cross pkitfonn 
environments, iTuncs power tips, Apache and 
more. And, if you want to start exploring more on 
tlie programming side, you’ll be able to start to 
learn tlirough our Getting Started a>lumn and other 
how-to introductory articles. 


You will see coverage on open source topics such as 
Fx:ltpse, PHP, MySQL, and FostgreSQL, as well as QuickTime, 
Quartz Extreme, WelOhjects, taking advantage of 64-btt, Xserve, 
various frameworks, and Safiiri plug-ins, just to name a few. 

Phew! 

With all this new content, we've added Davrd Sohsey to 
our team as Editor of the magazine. Hell be working closely 
with Dape Mark and Uie re.si of the team to bring in great 
content. Together, they will not only bring in more in the 
way of non-programmer content, but also continue to give 
us what you've long come to expect from MacTech... great 
developer content. 

The New Look 

Fm sure you've already noticed the new logo, and die new 
lot)k, Dianks go out to Jessica Stuhhlefield and the rest of her 
team for bringing this logethcr. \ tliink theyVe done a great job, 
and I hope you do as well. 

Spread the Word, 

Let Us Know What You Think! 

It goes without saying, I'm sure, that weVe l>een very 
hard at work on the new MacTech for some time now. We 
do hope you like it, and really want to know what you think. 
Drop me a line at publisher®macteclucom 

Also, now is the time to spread tlie word on the new 
magazine, and the new web site. Plea.se tell people about the 
magazine... and direct lliem to wwwjnactechxom to sign up 
risk free today! After all, if MacTech solves just ONE problem 
for them in the course a year, it's more than paid for itself. 

May you and yours have tlie happiest of holiday seasons. 

Best regitrds, 

Neil Ticklin 

Publisher, MacTech Magazine 
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Dumb and Dumber 

Reflecting on a Prank 




r h\s issue of Macfech marks several personal 
milestones. First, and most significant, it contains 
my 50th QuickTime Toolkit column. Over the past 
four and a half years, fve had the opportunity and the pleasure 
to write about a wide range of ropic:s related to QuickTime 
application development on Macintosfi and Windows. One or 
two of the articles that related specifically to Windows 
development sparked some understandable dismay from the 
Mac ultra-loyalisLs among the MacTech suhscritx^r base, but on 
the whole the feedback IVe received lias lieen very positive and 
quite gratifying. Indeed, iliese articles have been so well 
received that ilie first three dozen of them have recently been 
reworked into two books in tlie Morgan Kaufmami QuickTime 
Developer Series of books. Look for QuickTime Toolkit, Volume 
One: Basic: Movie Playback and Media Types and QuickTime 
Toolkit, Volume Two: Advanced Movie Playback and Media 
Types at discriminating bookstores everywliere. Pop the 
champagne corks and pass the crow canapes! 

Crow canapes? Yes. This issue marks another milestone: 
the first time 1 feel compelled to post an explanation for a 
previous article. The 20.04 (April) issue of Mac l ech contained 
an article entitled ‘'Snow^ Day" that purported to show how to 
develop Quick Lime applications for the iPod portable music 
player. That article was an April Fools joke, a hoax, a canard. I 
had tried to Ibrestali any confusion by basing the development 
on a creaky ok! programming language, SNOBOL, which has 
probably not been used for real-life development since at least 
the early 19H0s. The idea that Apple would use, for its flagship 
consumer electronics product,, a language whose entire flow 
control is accomplished via what is essentially a gloried goto 
logic struck me as so absurd Jts lo instantly invite the reader to 
see the joke. But, unfortunately, my explanations w^ere 
apparently too convincing, for a large number of readers 
quit:kly wrote to me requesting the full source code of the 
application that I presented. 

My initial reaction to these requests was quiet ainusemeni. 

I was intrigued to see that a few developers had swallowed 


the bait — hook, line, and sinker. But as the recjue.sLs 
mounted, 1 realized that the gag had perhaps gotten out of 
hand. Some very intelligent programmers, who write very 
popular and very welfknown conimereial applications, had 
faDen for the ruse. A few weblogs and ondine discussion 
groups contained pt^stings touting the achievement. I’he snow 
day had snowballed. 

Normally 1 would have remained in tliis state of quiet 
aiiiLisemenr, but .several developers became quite irate over tlie 
prank. Others were clearly peeved Happily, the most common 
reaction I got from those who had been taken in was more c.)n 
the level of disappointment. One developer sagely noted: “It 
seemed just tm weird to be real. But sometimes if there's 
something you want to be real, you ignore tiie obvious sign.s.” 
Armchair psychology aside, the fact remains that at least a few 
MacTech readers did not enjoy the joke. So let me hereby 
apologize for any ctmfu.sion, anger, or dashed expectation.s 
that you may have felt as a result of reading “Snow Day". My 
goal was not to fool anyone, and certainly not to make a fool 
of anyone. Rather, my goal was to bring a smile to your face. 

If 1 did that, 1 succeeded. 

To avoid any funher confusion, let me categorically state 
that the QuickTime Toolkit article in this issue, '‘Black Hawk 
Down", is most decidedly not a joke. In tliat article 1 show 
how to build a QuickTime application using Awk as the 
principal programtning language. At first glance this also might 
seem “too weird”, and indeed I did originaDy develop that 
application for die specific purpose of provoking a few smiles 
and .some laughter; but, as T .sugge.st at the beginning of the 
article, there are perhaps some quite useful lessons to be 
learned from this example. (Besides, this is not the April issue 
of MacTech, is \i?) 

One final thing: the “Dumb and Dumber" title of this 
apology refers to my own failure to foresee tlie consequences 
of the “Snow Day” article. It's not a dig at anyone who may 
have ix:en taken in or coofu.sed by that article. . ^ . 

'.Ml 
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GETTING STARTED • by Dave Mark 


Geiting Started 

WITH PHP 


What Makes PHP 
Different 


ill most programming languages, the 
output from your program g<K^ to the user, 
in some form or iinolher. For example, in 
your Cocoa progium, you miglit put up a 
window, then di.s]ilay some data in the 
window, perhaps w^ith a scTollbar that lets 
the user scrall thiDugh the data and buttons 
that allows the user to accept the data or 
cancel whatever pr(x:es,s hrought^^^^g^ 
up the data in the first place. 

Ilie point is, some portion of 
your program i.s dtredly 
dedicated to interacting w'ith 
the user 

PHl^ is different. Though 
PHP does sport a set of user 
interface functions, one of its 


from your weekly Halo 2 league. You could emlx^d tlie statistics 
directly in your HTML, or you could use Id IP to build an 
interface to an open source datab^lse like m>^QL or PostgreSQL, 
You'd write one PHP-laden web uk)I for entering the data, then 
another for displaying the data, 

PHP is idea for managing HTML forms. Especially if you’ll 
want to [lack your forms up to a database. Once you get a taste 
of Id IP, you'll definitely w^ani to phiy with it yourself. And the 

thing is, tf you know a bit of C, 
you1l find PHI’ tiuite ea,sy to pick up. 


The point is, some portiOR of 
ypur program is direePy 
deiHcateil to mteracNng 
with the user. 


strongest uses is as a means to dynamiailly 
generate web content. For example, 
suppose you w'cre building a well site and 
you wanted to serv^e up one set of pages 
for foJks amning Safari and a different sei 
of pages for otlier folks. 'Fhere are lots of 
ways to do tills, and PHP offers its own 
mechanism for doing iliLs (and we ll lake a 
Icxik at tliLS a liii later in the column). 

More importantly, suppose you 
wanted to build a wef) site that was data- 
driven. For example, you might liuild a 
table that lists the most up-to-date statistics 


Installing PHP 

111 the golden, olden days of Mac 
OS X, installing PHF was a bit of an 
adveniure. For starters, you 
nw ' i-Tiim i iini i iiii I downloaded the latest version of 

Apple s developer tools, then used Google or the like to find the 
most recent source code distritiution of PHP ihat some kind soul 
had ported to Project Builder (later Xcode) foniiat. Each source 
code distribution came witli a set of scripts tiiat would drive the 
process of compiling ihe source and insialllng the binaries in the 
riglit place, lliese scripts are known in tlie Unix world as 
makefiles. Once you downloaded the disiribution that was right 
for your version of Mac OS X, you mn the makefile, got yourself 
a sandwich and, liopefuJly, by your last l)ite you had yourself an 
installed version of Pi IP. More often than not, however, you ran 
into a funky error tliai re(|Uired you la tweak sc,)me permission 
or other, or pcrliaj>s rename a dimetory, IJoitorn line, this was not 
rocket science, but it was far from trivial 
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O ne of the things I love most about writing this column is the 
opportunity to play with different technologies. I especially love 
it when this means ploying with a technology that takes a sharp 
left turn from the traditional. A perfect example of this is PHP, a 
programming language that looks like C, smells like C, but takes C in a 
very different direction. 


Nowadays, Id IP really hit the iminstreani. Scxjn after 
eat'h rev of PHP or Mac OS X release, web pages pop up with 
instTLiciioas on the [)esl way to rnstali that version of PHP on 
your panieular configuration of Mac OS X. Sooie folks even go 
to I he trouble of creating iraditionaJ Mac OS X installers that do 
all the hard work for you. 

1 used Googie to search for: 

“php 5" “mac os x** 

Why php 5? When I wTOte tills article, PHP 5.0.2 wils the 
latest rek^'ase. Hy the time you read tliis, I suspect FI IP 5.0.3 wall 
lx.* out, if nc>l an even later version. But the major release will siill 
likely lae 5, so a search for PI IF 5 will work. 

Tile site 1 chose for tliis month's column has a piickaged 
iasiallcr for PHP 5 0.1, as well a.s a forum setiion whem you on 
message with oilier folks wltli simikir ex[>erienccs. Htijxrfully, by the 
time you read this, tlie installer will have lieen ujxlated lo the latest 
version, but for Llie purposes of I his disc'tLSsion, 5,0T W'ill do just fine. 

Here’s the link to the main page: 

http'y/vvww.entropyxh/software/macosx/php/ 

Note that this install is for the version of PI IP designed 
10 work with the Apache web server that ships with Mac OS 
X, You are going to install PHP on your own machine, then 
put our php test pages in the Sites folder in your home 
directory. In effect, the Apache web server on your local 
machine wall he serving up pages to you, wjihoiit going over 
the net. This is a great way to learn PUP. With this setup, you 
can make clianges it> your code without using an FTP client. 
Just edit the file in place, save, then lesL As long as you save 
your change, you don’t even need to close the file before 


switching hack to your browser to hit the reload button to 
retest the page. This is an extremely efficient way to work. 

If this is still a bit confusing to you, not to worry. After 
we do the install, well run a few examples .so you get the 
hang of working with PHP. 

Figure I shows the install irLstniclioas from txir download 
page. YouJl want to ciick on the link labeletl PHP 5.0, / JorAjmsbe 
1.3 (rememben die page might have Ix^en updated to a more 
recent version of PHP). Click tiie link and a disk image will be 
downitKided. It’s alioui 20 megs, so it might take a while. Once 
the .dmg file downloads, tlie disk image will inounL Navigate into 
if and double click on the file named phl}-5.0.I.p^ (or whatever 
the file is called when you downkxid it). 



; FHP 4 oTt Mac 0$X 10.3. ' ■ 

^ 13 wtth PO Fli li 

■ PHP 4 on Mac GS X. 10,2 


Installation Instniii!;io/tS: 




1. DowiilJMd thtr aiJpimpnftip fwckiigc frnni th i* lU* 

a, |>pul)J!Kik’k th^ tu mourn *>»■ disk inin|g^ If It rikt iKjf tTHttifU 

;f OotiWiKllek pnckA^Anil ftiltoiv ih? dJrwtiowif otilw 

.■ ■-i-f • : 


Figure 1 - Installation instructions for installing PHP 
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Follow the in.stallation inslrucLions and PHP should 
mslall wiilioLiL a liilch* To verify that the install went 
OK, fire up Terminal and enter these tw^o commands: 

Is -F /usr/local 
Is -F /uflr/uocal/php5/ 

For you non-Unix folks, the Is command lists the 
contents of the specified directory or file. The -F 
opiion asks Is to put a * at the end of executable files 
and a / at the end of dtrectories. This makes an Is 
listing a bit easier to understand. 

Figure 2 shows my results after 1 did my PHP 
install. Note that PHP is insTatled in the direcLc^ry 
/usr/local/php5/. 


The line above contains a single PHP statement, a 
call of the function phpinfoC). This function returns a 
bunch of information about your PHP installation, all 
formatted in a two column HTML table. Why does die 
function return HTML? That's one of the most important 
aspects of PHR Your PHP code wil! generate HTML 
code, which will appear in line with the HTML code in 
which it is embedded. Once the PHP code is done 
running and its output is incorporated into the 
surrounding HTML, the full HTML is returned by the 
server and rendered by your browser. Again, well gel 
into this more later on in the article. 

For the moment, save your one line php file into 
the Sites directory^ in your home folder. To test the file, 
use this link: 


(jS^ O O _Terntrirw j ^ b4>5h H0x2^ 

Hist Wed Ssp 25 14:1 j0j 47 on ttypl il 

WaLcDtne lo Umini 

Oove-norKi-Uwiwior dn¥«t^^ li -F /usr^ia^i 
oirV pJipS/ 

Dwe-ftarKflKjoaputer :" dflvetwrKf li -F /usr^iDML/lEMHi&/ 
flirV httpd .con^ .plus into/ libplip5.5o# ihoro/ 

etc/ inctuctt/ Uls/ mm/ 

l)a¥*-llorNa-J.-o«i5XiwdovwiarK^ | 


Figure 2 - A Terminal listing showing the location 
of the newly installed PHP files 

To test the installation, create a plain text file using 
a tool like TextEdit, BBFclit, or Xcode. Be sure that 
your lex I files are plain text files. Personally, I use 
BBEdii fur all my PHP and web editing. Here’s a link 
to a page that will let you download a demo of BBEdii: 
http://www.barebDnBs.CDm/producls/bbedit/derno.shtml 

Regardless of how you create the plain text file, 
here’s what goes in it: 

< 7 php phpinfoO 7 > 


http://127.0.0.1/-davemark/tGst.php 

Obviously, you’ll replace “daveniark” with your 
own user name. The 127.0.0.1 is an IP address that 
represents your local machine. The -davemark 
represents the Sites directory of the user davemark. 
And, of course, the file name test.pbp is the file we are 
passing along to the Apache web server. 

Figure 3 shows the output when 1 ran testpbp on 
my machine. Obviously, this is just the first few lines 
of a very long series of tables. 




phphKoO 

1 







Duwm Da[¥fr+iidt$co«ivtftv Qiniilft ^ 

Bum creiB 

Awg 13 aWM ^5 a at 1 -1 , ■; i v .I'V'Y: „ 

Cotifljfltinfl 

Canunjlnd 

dkf■/uar/tocaOplipS' •' v 'i 

sockati’ ‘'-erwblS'dCiK^ 


Stthftr API 

Apuciia 


Vnual 

EH9atiied 

( 


.. , '* • 

ffiiDlav ? rrxMiii 



Save rhis line in a file named testpbp and place the 
file inside the Sites directory in your home directory. It 
is critical that the File have the ,php file extension so 
the Apache web server knt)ws to pass the file through 
the PFIP pre-processor before serving up the page. The 
PFIP pre-processor will scan the file looking for PHP 
code to interpret. PHP code always starts with ^'<?php” 
and ends with You can have more than one block 
of PHP code in a single file. We’ll show examples of 
this a bit further along in the article. 


Figure 3 - The output from phpinfoQ. 


Hello, World! 

Our next example shows what happens when we 
mix PHP and HTML. Create a new plain text file and 
type in this code: 

<html> 

<head> 

<title>PHF Test</ti 1 :le> 

</hea<l> 
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<body> 

<p>TKis is some pure HTML loveliness.</p> 

<? php 

echo "<p>Hello. World ! </p>‘': 

?> 

<p>Did we echo properly?</p> 

<?php 

echo date(”r”)i 

?> 

<p>It works!! ! <7p> 

</l:jody> 


Save the file as hello.php and save it in your Sites 
directory. When you send this file to Apache, Apache 
will note the php file extension and send the file to 
the FHP pre-processor. The pre-processor will scan the 
file, copying the HTML to its output as is, until it 
encounters the open PHP tag: 

<? php 

As soon as it hits the end of those characters, the 
pre-processor starts interpreting the rest of the file as 
PHP code, until it hits the close PHP lag: 

?> 

Once it hits that close tag, ilie processor runs the 
PPIP code it just scanned and places the output from the 


PI IF code following the HTML code it just copied. In the 
hello.pbp example, this means executing this statement: 

echo "<p>nello* Wor1dI</p>"^ 

and copying the output from that statenienL into the 
HTML stream. The echo command simply copies its 
parameters to output, where it joins the HTML stream. 

Once the dose PHP tag is enc:t)unlered, the pre- 
puKiessor continues copying the HTML to its uLitput until it 
liits the end of the code or encountens anotlier open PI IF tag. 

Note that our example has n^vT> chunks of PHP c:ode. The 
second chunk executes tliis line of ccxle: 

echo date("r"); 

'Ihe fin^t version of echo you saw' copied Uie text siring 
tc; output. Tiiis version of echo has a hinction as a pammeter 
In tliat case, die PHP pre-processor c:alls the tiinction and 
reairns the output of the function call as input lo exho. echo 
simply echcxis output to die HTML streanL 

Confused? I'ype in this link to execute your copy 
of hello.pbp. Be sure to replace my user name with 
your user name: 

http://127.0.0.1/-davemark/heno.php 
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Tlic* output uf ihiti example f^liowri in Figure 4. 




PHP Ten 


- 3«IQ;' h« p: //1 Z 7,0,0* 1/- tfavepiark /nei Ip, php Ciirp^le 

Thiii bi soiiK^ pun.' HTML loveliness 
Hcuo. World’ 

Did we echo |jto()Cii>'? 
rri, lOuKKM 4\Am 

h woms!:f 


Figure 4 - hello.php in action. 


To gel a true sense of this process, cIkjosc View 
Source from Safari’s VieuJ menu. This will show you 
the merged FHF output and HTML code. Here's my 
merged source: 

<htitii> 

<hea:d> 

<title>PiiP Test</title> 

</head> 

<body> 

<p>This is some pure HTML loveliness,</p> 

<p!>Hello» World I'(/p> <p>Dld wo echo 
properly?</p> 

Frl, I Oct 700A 11:01t48 O4D0 <p>It 

workalI!</p> 

</body> 

</html> 


Notice that the output from the PHP commanils is 
right there in the mix. (’)ne bit of funkiness, though. 
Notice that the I’HP generated HTML did not include a 
caniage return, so ilie follow-on HTML starts on the satne 
line as the end of the PHP output. In this line of output: 

<p>Hello* WorId]</p> <p>Did we echo 
properiy?</p> 


?> 

<p>T t wo rks1tiC/p> 
</body> 

</b 


Note that we added the **\n” direeLly at the end of 
the first echo’s parameter string. Since the second echo 
did not use a siring, we added a second line of code, 
just to echo the ‘"Xn'’. 

When you run this chunk of code, the ouipui will 
be the same. Hut let's rake a look at the source code 
tliat is generated wlien you do a View Source: 

<h-ttnl> 

<head > 

<tiLle>PIJP TeBt</title> 

</head> 

<body> 

<p>This is some pure HTML iovelirtess. </p> 
<p>Hello, Worldl</p> 

<p>Did we echo properly?</p^ 

Fri, 1 Oct 2004 11:39:16 0400 

<p>Tt works I I I</p> 

</body> 

</hinil> 


Notice that the carriage returns we added made the 
inlermediate somx’e a bit easier to read. 

Include Other PHP Files 

Here’s another example, for you folks who like the 
organizational power of include files. This one is a 
slight mod of one from the php.net site. Create a new 
file named ears.php and type in the following code: 

<?php 

Sculor = 'greerC: 

^frult ^ * apple’': 

7> 


Save the file in the Sties folder and create a second 
new file named inc_tesi.pbp. Here’s ihe code: 


you c:an see that the two paragraphs are on the same 
line of source. This will not affect the final oiiljHil, hut 
it does make the source a bit harder to read. An easy 
solution to I his is \a embed a carriage return character 
“\ir at the end of each line of PHl^ ouL|)liL. 

Here’s a new version of befkKpbp: 

<htmi> 

<head> 

<tltle>PHP Test</tltle> 

</head > 

<body> 

<p>This Is Hamo pure HTML lovylintjss. </p> 

<?php 

echo *‘<p>Hello. World ! </p>\n'*: 

?> 

<p>Did ve echo propsrly?p> 

<?php 

ocho dste(‘’r"): 
echo \n" : 


<html) 

Gilead) 

<title>PnP Include Test</1ii:le> 

</heads 
<body> 

<?php 

echo ’’XpSA $color $f ru iT</p>*': //^ 
i ti c 1 u d e ■ vai r =5 , ph p ■ : 

echo '*<p>A Scolor $f tui t </p>'’; //A green iipplc 

?> 

</body > 

</htrai> 

.Save this hie in the Sites folder as well. Run this 
example by typing in: 

http://t27.0.0.1/>-davemark/incJesl.php 
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Remember lo replace daveimrk with your 
iLsername, Your outpur should look Like this: 

A 

A green apple 

In a nutshelk inc_test.php is made up of two 
identical echo statements, with an include statement in 
between. The echo statements print the value of two 
variables, each of wiiieli is set in the include file. 
Notice that the first echo does not have values fur 
$eolor and Ifruit anti does not print anything for those 
values. The second echo occurs after tlie include file. 
Since the include file sets the values for the variables, 
the second echo prints those values. 

This example was included as a bit tjf food for 
thought. Many web .sites achieve their unified look and 
feel thrt>iigh included header, nav bar, and footer files, 
as well as tlirougii a judicious use a( variables. No 
doubt you 11 want to take advantage of include files 
and variables as you hitiId your own FHH projects. 

Restarting Apache 

If you happened to rel>tJOl your machine since you 
did the PMF install, you may have noticed that Apache 
is no longer running. Not to wherry, 'fhere are two easy 
ways to restart ilie server. The simplest way is to select 
System Preferences... from the apple menu, tlien select 
the Sharing icon. On the Sharing page, click on the 
Services tab and make sure the Personal Web Sharing 
checkbox is checked. As soon as you check the 
checkbox, Apache will be started and the Start button 
will change to Slop so you can stop the server. Unless 
Apache runs into a problem at restart, it should be 
restarted automatically when you restan your machine. 

Aiiotlier way to start and slop the server is by using 
the apachectl command in Ternimal. Start up Terminal 
and type in this command: 

sutlo apachc^ctl restart 

You1l he prompted for your admin password, since 
the sudo command executes a shell with root 
privileges. Type in the password and the Aj^achc 
server will be stopped (if it is running) and restarted. 
Either way works just fine. 

Till Next Month... 

We ll be doing a bit more with PHP next monlli. In 
the meantime, check out the web site 
htip://www.plip.nel, ilie official web site for PHP 
developers. There are a ton of resources on this site, 


including complete on-line anti downloadable PHP 
documentation. To figure out why tlic datcO functi(>n 
did what it did, find the search field at the top right of 
the main page and type in the w'ord ^date"’, make sure 
the popup menu says “function list^*, then hit return or 
click on the right arrow' icon. 'Hiis will take you lo the 
“dale” df>ciimentation. 

Check out all the formaL character options in Table 
1 and play with a few of them. Enjoy, and f1l sec you 
next month. 

Oh, if you havent done so already, he sure to head 
over to htrp://spiderworks.com and sign u[>. The new 
versit)n of f.earn C 

Yill 



About The Author 
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B logs, the latest Internet craze, haue become a wildly popular way for people of all 
backgrounds to share ideas, opinions, and information, fl blog, which stands for 
Web log, is basically an online journal of frequently added, chronologically 
organized enliies. flithough mosi blog entries ore short and to the point they can be any 
length. They can also include hypertinhs, piclures, mouies, and sounds. 


Blogs* the liilesl Jniernel craze, have become a 
wildly popular way for people of all backgrounds lo 
share ideas, opinions, and information. A blog, wliich 
stands for Web Icjg, is basically an online journal of 
frequently added, chronologic'ally organized entries. 
Although most blog entries are short and to the point, 
they can he any length. They can also include 
hyperlinks, pictures, movies, and sounds. 

1 got my first look at blogging about a year ago. Vd 
just renewed my .Mac mernl)ership and was surllng the 
.Mac site for software f>erks* That's where 1 downloaded 
a special version of iBlog for .Mac users. iBIog offered a 
very Mac-like interface for creating blogs, blog categories, 
and entries. It then enabled users to publish their blogs 
on their .Mac Web space on Apple's server. J downloaded 
iBIog, set it up, and started pulilishing my tjwii blog. 
Within a remarkably short time, I was hooked. 

iBIog makes it easy for me to share my thouglits with 
Web site visitors without HTML ctxJing or fiddling around 
with Dreamweaver (my current auUioring tool of choice), 
iBIog entries are automatically put in chronological order, 
with the most recent on top. Old entries are automatically 
archived by dale. All i liave to do is type in my entry and 
publisli it, iBIog does the rest. 


If you want to start your own blog and you don't feel 
like putting a lot of effort inio [^programming or paying a 
blog liosting site to host your hJog, iBIog is the answer. 
Here's how^ you can get stant^d. 

Download and Install IBIog 

'lliat special version of iBlf>g ihai I downloaded from 
.Mac is no longer available. That's the bad news. 1he 
go(xJ news is that newer, more feature-packet I versions 
have been released since then. And altfiougii the software 
is dbtnhuted as sliareware witli a 2-week trial period, it 
only costs al^out $20 to buy. (Payment is in Indian rupees, 
so die exact amount varies.) You can download a copy 
from the Lifli S<jfiware Web site uL www.lilli.com, 

iBIog comes as a disk image. Open it up and dntg the 
iBIog icon from the disk image’s folder to your hard disk 
to copy ii there, TliaPs all there is to it. 

Using iBIog creates an iBlog folder in 
^usernume/Library/AppliCTition Support/, Depending on 
liow you configure iBIog, it may alstp create an iBlog 
folder in --uscTnaine/Sites/. So if you decide later that you 
don't want to use iBlog after all, just delete the application 
and the two iBlog folders. Tfiai’ll remove it and its daU 
files from your com|iuler. 
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Getting Started 

Double-ciick the iRiog apphcation icon. iBlog opens 
and displays its Blogger Mode windcjw. Figure 1 sht>ws 
what my well-established iBlog window looks like* Wlien 
you Rrsl launch iBlog* this window will be empty* 



Fig 1: iBlog Blogger Mode with lots of blogs, 
categories, and entries. 

(iRfog has two modes: Blogger Mode and Reader 
Mode* You use Blogger Mode to create and publish blogs* 
You use Reader Mode to read other people's syndicated 
blogs. This article covers Blogger Mode only,) 

iBlog's interface should look familiar. It's a lot like 
iPhoto, iTunes* and other Ai>ple soft ware. A pane on the 
left side of the window lists blogs (gold folder icons) 
and their categories (blue folder icons)* When you click 
a blog or category* a list of its entries appears to the 
right. When you click an entry name* the entry appears 
in a window beneath it. A calendar beneath the Blogs ^ 
(Categories list offers a way to view cnines by dale. Click 
a date to see its blogs. 

Create a Blog 

Ibe first step to using iBlog is to create a blog. I like 
to think of a blog as an online book. You need to create 
the book l:)eforc you can fill it. Although I have lots of 
blogs* you really only need one to be a blogger. 

Click the Add New Blog/Category/Hntry button at the 
bottom-left of the window (Figure 2). Chcx>se New Blog 
from the menu that pops up. A dialog sheet with options 
for the new blog appears. 



Fig 2: The New Blog/Categoiy/Entry button displays a 
menu. 

If necessary, click the Attributes button (Figure 3). 
You must enter information in the Blog Name and Rlog 
Description fields. This information is used for the Web 
pages iBlog creates automatically for you, 



Fig 3: Blog Attributes include the Blog name, 
description, and other settings* 

There are a few other important settings in tliis 
dialog. Make sure Blog Type is set lo Pulilk and that the 
Publish Blog option is set to Yes. The Authex Name 
appears at the bottom of the page in a copyright notice 
and the Author Email is used for a feedback link. 

Click the Display Settings hutU)n (Figure 4). This 
dialog sheet determines how the pages of your blog will 
appear and offers some custonii^atjun options. iBlog has 
many other powerful customization options, as Til discuss 
briefly later. For now, ju.st set the What to show in hlog 
page option to Abstract and Body. 
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Fig 4: Display settings offer some page 
customization options. 

When you click Save, your new lilog appears as a 
gold folder in the Blogs and Categories list. You c:an 
repeal these steps ro creiite multiple l>log>s if you like. 


When you click Save to save your settings, the 
category appears in the Blogs 2k Categories list as a blue 
folder beneath its blog. If you can't see it, click the 
triangle tx:side the blog folder to display it. 

Of course, you can repeat this prex'ess for as many 
categories as you'd like to create. Figure 6 sliows die 
Bit>gs 8l Categories list with three categories created. 





Biogs & Categories 
T Maria's WebLog 
^ Horse Stories 
Vacation Photos 
What I'm Thinking 


Fig 6: A single blog with several categories. 


Create a Category 

if a blog is like a book, then a (.''alegot'y is like a 
chapter in llic book. Although you don’t have to create 
categories, I recommend it. Categories offer a way to 
organize entries in a way other than by date. iBlog creates 
category pages that list entries for just that category. 

Click die Add New Blog/Categoiy/Hntry button 
(Figure 2) and choose New Category from the menu ilsat 
pops up. A tiialog sheet ft>r the new category af>(>ears 
(Figure 5). If you have more than one blog, cluxise the 
name of the blog the category Ixdongs to from the Select 
Blog Name pop-up menu. Enter a naine for the category 
in the Categoiy Name lx>x. And. if you want to get fancy 
and assign an image to the category, tlmg iht‘ icon for an 
image Ole from the Finder to the Category Image well. 
The image ap|iears in the well. 


Select fitog Uame ' Marians WebLog 


■ Category Marne: What I'm Thirvkiog 


Category Image: "^7 

eS. 


^ Reguind 


c ) C^l3 


Fig 5: A the categoiy settings sheet with some 
infoimation entered for a new category. 
(Yes. that's my mug.) 


Create an Entry 

If a blog is a like hocjk and a category is like a 
chaplet^ then an etitry is like a page. Well, something 
like a page. Entries are what make up the contents of 
your blog. 

Click the Add New BIog/Category/Entry button 
(Figiire 2) and choose New Entry. Use the New Entry 
form window that appears to c:reate your entry 
(Figure 7). 



Fig 7: A blog entry. 
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This window is pretty self-explamuory. You set 
options at the top of the window ro determine which 
blog and category the entry should l:ie associalcd with. 
The Post Date is entered automatically, but you can set 
it to a different date to change the order in which the 
entry appears or set it to publish at :i later tiatc. Tlien 
you enter liie entry's title in the Entry Title box and the 
entry's Ixxiy in the big box at the bottom of the 
window. 

The Hniry Abslracl is a sliorler version of the entry. 
The Auto Abstract option, which is relatively new, will 
create an abstract hasetl on the entry body. 1 don1 like 
this fealure, so I linn it off. Instead, I manually enter a 
one-sentence description of the entry in the Entry 
Abstract box. 'I'hat's just the way I use iHlog, though. 
You may prefer real abstracts and think the Auio 
Abstract feature is great. Give it a tr>^ and decide for 
yourself. It's easy enough to turn off if you decitle yc»ii 
don't like it. 

The tooll>ar at the top of the window has liiittons 
for the usual formatting options, as well as tiptlons to 
add features to your blog entry. For example, you c:an 
select text in the blog window and click the llyperlink 
button to display a dialog like the one in Figure 8 for 
turning the .selected text into a hyperlink. Enter the 
URL, turn on the check box if you want the page to 
open in a new Web browser window, and click Save. 



Fig 8: Use this dialog to create a hyperlink 

If you use iPhoto to organize your photo.s and 
other graphics, you can click the Photos button to 
insert a photo inLt> the entry. Choose an iPhuto album 
in the dialog that appears (Figure 9) and click the 
photo you w'ant to insert. The Width and Height boxes 
work a lillle weird; the size of the photo is determined 
by the height and the width is adjusted proportionally. 
Click Import to insert the image into iBIog. Once the 
image is inserted, yt)u can double-click it to display a 
dialog sheet (Figure 10) for setting other image 
options. Although you won't see those options in the 
iRlog entry window' (Figure 7), you will see them 
applied on the Web page ililog creates (Figure 13). 



Fetch 


Resume downloads 



Fetchsoftworks.com 

(Running dog included.) 


M/cam 













Fig 9: Use this dialog to insert an image from your 
iPhoto photo library. 
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Fig 10: Then use this dialog to set image options. 

When you click the Save button to save your entry, it 
apj^ears in the Blogger Mode window (Figure 11), 



Fig 11: A completed blog entry in the 
Blogger Mode window. 


Preuieu) 

You can use i Blog’s preview feature to get a look at 
your entry before it’s published. Just click the Preview 
button (which looks like a magnifying glass) in the 
bottom of the Blogger Mode window, iBlog launches 
your default Web browser and display.s the Home page 
for your !:>logs (Figure 12), 



Fig 12: iBlog creates a home page 
for all of your blogs. 


CHc:k the link for a bitjg name. The blog page for that 
Idog appears, wiili the entry you created at die top 
(Figure 13). As yoir can see, iBlog also creates a 
navigation bar ct>mpleLe with calendar and links. Try out 
die links to see what odier pages iBlog created. You 
should be impressed, 1 was, iBlog is a heck of a lot 
quicker dian creating all those pages manually. 
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Fig 13: Previewing an entry. 


Choose a location cyiK from tlie jx)p-up menu at the 
IxJttom of the screen (Figure 15). For litis example, I ll 
chcxwe FTP to publish on an existing Web server. 'Ilien click 
Ne\v Location. 


.Mac 

{ Delete Location ^ 

Choose Location 

1 ( New Location ) 

: Local ^ 

1 

WebDAV 

AFP 



Fig 15: Use this menu to choose a location type. 


Publish 

Pul>lLshin^ with is just as easy as previewing. 

But first yuu liave tt> set up a pul)lish lucalion and 
match the blog to the location. You do this just once 
and iBlog remembers your settings for each time you 
want to publish, 

ChtK)se Preferences from the iBlog menu. In the 
dialog dull appears, click the Publish button, you sh<.)ukl 
see a dialog like the one in Figure 14, but it'll lie empty. 



Fig 14: Publish preferences with a publish location 
already set up. 


Use the New FfP Ix>cation dialog (Figure 16) to 
enter die usual information for accessing the appropriate 
Fl'P server, d'hen turn on the check l>oxes beside the 
name of the lilog you warn to puhiish to that site. As you 
might imagine, if you have multiple blogs, you can 
publish them to multiple locations. Click Save and your 
settings are .saved as a Publish Location (Figure 14), You 
can close the Publish preferences window. 



New FTP Location 

Location Name 

MartjungcrWthSii^ 

Username 

mianger 

Password 

+***• 

Server Name/IP 

il0.inet)vingni.c(Kii 

Copv To folder 

/marialangcT/ 

Timeout Interval 

SB Strconds 

Website URL 

http: //www.ituna langer.com/ 


Select biggs igr this laCdtign 

Biog Name Assign iiog Ceov Blog folder 

Maria's WebLog 

a"' a 

Cc»n«tj (: SMf--3 


Fig16: Enter FTP site information in this dialog. 
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Back in the Blogger Mode window, click ilic 
Publish burton, which looks like a liule planet Earth. If 
you liavc niultiple blogs, a dialog appears so you can 
specify which blogCs) you want to puhli.sh. But if you 
have just one blog, tBlog goes online and uploads all 
the pages and related files it has created for your b!og. 
Wliile it*s doing this, it displays a Publish Status dialog> 
When the dialog disappears, your Web brtiwscr 
launches, displaying tlie blog page that has been 
uploaded to your site. 

Simple, no? 

Going the next Step: Customization 

While I admit that iBlog isn't the perfect solution, 
it’s pretty darn t:lose for a non-programmer like me. 
Although die pages it creates are perfectly acceptable 
"right out of the box" as discussed here, iRlog can be 
customized to change the appearance and layout of 
pages and the items that appear in the navigation bar. 
You do this by creating or customizing templates, style 
sheets, an cl navigation bar contents. A complete 
di.scu.ssion of tills is far beyond the scope of this 
article, but if you Ye familiar with HIML and CSS, you 
already have the knowledge you need to make the 
clianges. If you want a good idea of what can be done 


with iBlog to create a truly customized site, check out 
the support Web site I've created for my books, 
www^langerbooks.com. That entire site is tBlog- 
generated and it's a heck of a lot easier to maintain 
than the old sites I managed with Dreamweaver 

iBlog. Do you? 

A,s you can see, iBlog offers a simple solution for 
someone interested in blogging. As it continues to be 
developed and refined, it may well become a leading 
product for Mac bloggers everywhere. 

iW I 
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Software Marketing • by oave wooiaridge 



Serial Number 


Politics 


Protecting Your Software 
Products from Piracy 

In the January Issue, we explored 
viLi-ious ways to package and protect 
your sofiwarc for disirilRiiion, 
weighing the pros and cons of 
denioware, trial ware, installers, and 
disk images, in Llie Fehruary and June 
issues, we discussed various ]>Lirchase 
incentives and upgrade strategies. Now 
that we liave a defined game pinn for 
distributing and selling our fictional 
softw^are prc:>diicr, CodeQuiver, we 
need to !>uild the infrastmciure for 
“unkx'king"' registered software. 

Streamlining the 
Registration Process 

Tliere was a lime wJien mosi Mac 
shareware developers simply included 
their owm variations of the common 
“Register'' application with iheir 
software. This stand-alone utility 
would usually display a simple order 
form inLerfiice, customized wiili the 
product's price and sales infc3. Users 
would fill out the form and then 
choose to either submit the order 
electronically or print it out for mailing 
or faxing. Once the order was 
received, the vendor would then either 


mail out the registered product on nof^[jy disk or CD, or 
e-mail a serial number to the customer. The Internet has 
c(Hne a long way since liufn, allowing developers to 
utilize sophisticated e-commerce web applications lor 
quickly processing secure electronic ordei’S, aaivating 
licenses, and issuing serial numbers. The current 
generation tjf e-commeree srikitic^ns has empowered 
devek^pers with new .streamlined ways of incorporating 
the purchase process directly wathin their software 
witliOLit the need for a separate stand-alone utility. Scmie 
software prtxkicts simply include a menu item for visiting 
their wel> store’s online order form, while others iiiilize 
eSellerale’s IniegraLcd eSeller lechnology, enabling 
customers to purchase and register the software from 
wiihin die application itself! Regardless of the purchastt 
method, consumers have come to expect t|uick results. 
Customers used to be content witli w^aiting 24 to 48 hours 
before receiving a serial number via e-mail, but in today's 
last-paced wcjrld, expectations have changed. Users 
assume your sofmare can be unlocked/regislered 
immediately upon purchase. 

If youTc still generating and e-mailing individual 
serial numbers by hand (and you’d be surprised how 
many of you are still out there), you're not only wasting 
your valuahle time, but you’re preventing your business 
from growing. Manually e-mailing a serial number to a 
customer when notified of their payment may not seem 
like muc:h of a burden if you only receive a few orders 
each day. Most of us keep our e-mail programs running 
on our desktop all clay, so responding to a handful of 
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T his month, we’ll investigate the mystical world of serial numbers. 
If the only way for customers to unlock your trial ware is by 
purchasing a serial number, then crafting a secure and reliable 
registration/activation syvStem is an important step that needs to be 
addressed before software licenses can be sold. 


customers each week in a timely hishion seems easy 
enough to manage, but what happens when orders 
increase to several dozen each week or even each day? 
If you're a single person operation, ninning your 
shareware inisiness out of your iiomc, an overwhclnung 
avalanche of sales is the kind of problem you dream of 
having. But now you find yourself spending most of 
your days generating serial numbers and sending c- 
mails, leaving iittle time to actually develop software and 
maintain the other aspects of your business. And what if 
you decide to go on vacalion? You can’t leave your 
customers hanging, waiting impatiently for two weeks 
for a serial number. That's just bad business. You may 
return from your vac:ation to find a horde of angry 
customers demanding refunds and threatening to report 
you as a lira udulent company. 

ft's worth the time and investment lo develop your 
own in-house tools for generating large volumes of serial 
numbers and linking individual numbers to customers. 
Being able to track the serial numbers assigned to each 
customer will enable you to trace the origins of pirated 
serial numbers as well as authenticate customers who 
request technical support. Having the ability to quickly 
generate large quantities of uniqrie serial numbers is also 
crucial when dealing with third-party e-comnierce 
companies and international distributors. You'll want to 
provide blocks of serial numbers to these kinds of 
vendors, so that they can easily resell and register your 
product to their customers. The importance of this will l)e 
explained tliroughout this article. 


Tf you host your company site tin your own web 
server, then you have the llexibility to build your own 
custom web applications for delivering, activating, and 
validating serial numbers. This kind of automated 
system allows your customers to place orders and 
immediately unlock their software around the ckick. 
Since your online web store caters to an intern at ion a I 
market of various time zones, having an automated 
system is not only a convenience that your customers 
expect, it also allows you, the developer, to finally get 
some sleep and take vacations without perpetually 
worrying about serial numbers. 

if you utilize a third-party e-commerce solution such 
as eSellerate, tlien most (if not all) of this autotnated 
functionality is already built into their provided service. 
eSellerate, for example, a.ssigns a serial number set to 
each product that you add to your online catalog. This 
serial number set can either be eSellerate's serial numlx^r 
generator, your own custom algorithm, or a blot:k of your 
<mn uni<|ue serial numbers lhal you upload lo their 
system. eSellerate will even notify you via e-mail when 
your list of serial numbers nins low, so that you can 
replenish the inventory with more. With your serial 
number set assigned, eSellerate automatically e-mails a 
unique serial number to each customer after payment ha.s 
been received. And if you use eSelierale’s Integrated 
eSeller technology wathin your application, after a 
customer submits their billing information and the 
payment Ls proce.ssed, a serial number is instantly sent 
back to the application. With very little code, you can 
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program your application to insert the tmnsinitted serial 
number directly into the serial numl:jer field of the 
registration window (see Figure 1). Tills integmted 
solution turns software pureliasing into a pi>werful, 
Streamlined process, Witli only a few i:>utton clicks, 
customers can purcliase and register your software 
without having to leave the application. WeVe released a 
lew of our Electric butterfly products with eSellerate's 
Integrated eSeller and now approximately 40% of our 
sales come from the Integrated eSeller (with the other 60% 
of orders coming from our web store) ^ so it is definitely a 
convenience our customers appreciate. 



Figure /, The registration window for our fictional 
CodeQuiver product. 

when designing your registratkin window, there are 
some vital components you 11 want to include. In the 
regisuation window of <>ur fictional CodeQuiver prcxluc i 
(see Figure 1), tlie ""Purcliase'' button is set as the default, 
informing the user that this is the first step. As previously 
described, you may c1x>ose to progmm ilie 'dkirchastC 
button U) ciflicr launch an Integrated eSellcT for 
purchasing tlie software directly within the application (if 
you use eSellerate) or lo simply direct ihe user to your 
well store's online (3rder form (via the default web 
browser), If using an Integrated eSeller, a successful 
payment returns a unique .serial number which your 
application can InLclligenUy display in the serial number 
field and tlieii assign the “Register'' ):>utton as the default. 
Whether the .serial numlier is dynamically inserted into the 
registration window or the cu.stomer manually copies and 
pastes it from a confirniation e-tnail, it’s a good idea to 
require customers to submit their full name with the serial 


number in order to complete the registration process. 
Many software companies require an online connection 
in order to register, so that the user’s name and serial 
numljer can be authenticated l)y an online seiwer 
application. By ^'phoning home" during the registration 
process, it gives software companies the opponunity to 
clicck new registrations for pirated serial numbers (using 
their own “bktcklists" for comparis(?n). There are some 
developer who f)biect to this strategy, so whether your 
software actually “phr)nes lK)me'’ or not, requiring users 
to submit their full name with the serial number will still 
mike some casual pirates think twice before clicking the 
“Register” button. 

For shareware and trial ware products, the registration 
window usually appears every time the unregistered 
application is launched, so you 11 want the window' Lo 
include some brief infonnation about how the trial is 
crippled or time-limited and how purciiasing a license 
removes the demo mode. Since your goal is to inspire 
them to buy the product, take the time to design an 
elegant registration window. Figtire 1 includes 
CodeQuiver's logo and key art in an effort to ^beautify" 
the window with a little extra polish. 

Creating Your Own Algorithm 

Even though some e-commerce solutions such as 
eSellerate provide their own services for generating and 
activating .serial numbers, there are drawl>acks to using 
third-party serial numljers. One disadvantage is tliat some 
third-party serial number generators do not allow you to 
arid yt)iir own reference keys to differentiate between 
prcRluct names and vcTsit>n numbcTs. Including special 
identifiers in your .serial ntirnbers iiin be helpful w'hen 
processing ciislcMiier seiAuce retjuests. The most serious 
drawback is lliaL in many cases, it ties your sales to a 
single e-commerce vendor. For example, eSellerate 
needs to process the sale in order to generate and activate 
an eSelleraic serial number For shareware developers 
and hobbyists wlio do not plan to ever localize their 
software in f>iher languages, this may not be an issue. But 
if you eventually want Lo localize your software and 
utilize international distril^utors to sell your .software in 
other count lies, then youll definitely want to use your 
own serial nuniljer sysleirr Hie reason is that yotiil need 
to provide a block of serial numliers to each international 
distributor becau.se they usually handle not only the sale, 
but also registration and cusLoiner sujqxM for your 
product in their native language — a turn-key service yott 
will greatly appreciate (unless you speak eight different 
languages and re<|uire no sleep). By utilizing your own 
serial number sy.stem, you can easily generate unique 
blocks of serial numbers for your third-pany ex^ommerce 
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vendor (such as cSellcrate), regional resellers, and 
interna tic^na 1 d ist ri bii tors, 

S(^ youVe spent hours slaving over your serial 
nunilx-M’ algorithm, adding enough complexity to stump 
even the most dedicated cracker? Before you pat yourseif 
on the back, make sure your programming ccxle accounts 
for die following issues: 

• Do nor harckrrxle serial numbers into your application. 
Crackers and evert a decenf handful of ctisual pintles kn<m 
how to scan your application’s binaiy executable for serial 
numIxT strings. Simply open the application in a resource 
editor or text editor (like BBKdil) and all of your 
application’s string resources are viewable, emlx^dded vv itliiii 
the garbled byte code, instead, include an algorithm in your 
application that can “dectxie’' and validate serial numbers. 

• Obfuscate or ""Munge" decoder key strings. Like the old- 
fashioned decoder rings, many serial numlx^r algtxithms 
utilize a defined string of alphanumeric charaaers as a key 
that is used in the algorithm to encode and decode the 
numeric sec|uences used in the .serial numbers, tf a cracker 
can find your decoder key string l>y scanning your 
aj^plication’s binary executable with a resource or text editor, 
then hc/she may he al>le to crack your algoriihm if rhe key 


is compared with three or more pirated serial oumliers. It’s 
had enough when you have to blacklist a lew stolen serial 
numbers, but the worst case scenario is when crackers figure 
out how to emulate your serial number algorithm, 'this 
would enable them to generate tiieir own endless supply of 
illegal serial numbers, leaving your current software veision 
completely vulnerable in misuse. Do what you can to avoid 
this problem by obfuscating your decoder key or any other 
related strings that might ex]x>se your algorithm, Sciamble 
and m;is.sem!i!e rhe strings in code or use an encoder such 
as Basefri tliat will “hide” the string from prying eyes without 
requiring too much extra programming effort for your 
algorithm to then deccxle the strings at runtime, 

• Every serial nuniliei should Ix^ unique. Tliiiik long-term and 
design a format that allows you to generate at least one 
million unique serial nunilxrs. While liiis nunilxT may seem 
wildly optimistic, don’t limit the rationale to only sales, 
Betw'een f>lack!isting pirated serial numbers and genemting 
large blocks of serials for resellers and inLernational 
distributors, youll go through serial numbers faster than you 
think, Rememfier, running out of serial numbers may force 
you to release a new vcrsiim of your software with a revised 
serial numlxi‘ algoritJim, which is extremely inconvenient for 
both you and your customers. 


Professional Web Content Management 

does not have to be expensive! 


webEdition not only offers Mac users the easiest way to maintain a Web site, but also... 
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^ ...full freedom to design: build Flash, 
HTML and Barrier-free sites 


^ ...modular architecture: buy 
only what you need 


assurance of standard 
technologies: PHP, MySQL, XML 


^ ...peace of mind: free support and no 
follow-up costs 


♦^...easc of use: simple installation, intuitive 
design, extensive documentation 

“When we found webEdithn we were 
blown away Here is a full-fledged CMS 
that f5 simple to implemenf amazingiy 
powerful and easy enough that almost no 
training is required for our cl/enfs.” 

Artrfnrw fifrrituwr&, Dwi'roprrterjr Difvirtur 
Sfiarkplug 


^ ...a name you can trust: webEdition, 
from the creators of Toast and 
DVDirector 
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Think like a iiacker. When designing your serial number 
format, examine your scheme from a cracker’s point of view. 
If it seems like a formal that might easy to crack, then it 
prot^ably is. When comparing three or more serial numbers, 
do any patterns easily emerge? is your algorithm doing 
nothing more than using a common encoder to iiide" the 
real values in your serial numbers? For example, some 
developers generate serial numbers by converting the real 
values into ASCII character c:odes. While litis may produce 
an interesting numlter-based serial, don’t diink that won’t be 
one of the first things crackers try. ASCII character codes are 
commonly used in serial numIxT tutorials, so to employ such 
a simplistic approacli is like putting a red target on your 
back. Be aeative, 

Integrating cLLstomcr daui into serial numlxis. In an attempt to 
ajrl:^ piracy, many software aimpaniCsS infuse the customer’s 
name, e-triail address or last fcjur credit caid digits into die serial 
number. The theory is if customers’ pcrstmal data are 
enilxdded in the serial numlxrs, they will lx less likely to shtre 
the serial numlxrs with others for fear of it Ixing trac^etl liac k 
to them. If you chfxxse to employ suc:fi a lactic, do not use liie 
t Lisiomer’s name (unless you encrypt in some way). Your web 
store is a global business, so your aistoniers’ names may 
include accentuated llntcode ciharacters I hat may not lx easily 
deci[)iiercd by your serial number algorithm. And even if your 
algoritlim can handle Unlcxxle characters, customers may 
accidentally corrupt the string when copying and pasting it 
from their confinnation eatiail to your application’s registration 
window. Stick widi ASCll-based characters. F-mail addresses 
are unique and safe to use. The last four digits of the customer’s 
credit cart! are ettsy enough lo crnlxd inio the serial numixr, 
but w'itiioul die rest of die card numlxr, die four digits would 
not lx unique or useftd as an idendfier And even diough it is 
only the Iasi fourdigirs, you would .stirely encounter conifdaints 
horn cy.stomers who are uncomfortable widi your unordicxlox 
use of tlieir credit card nunilxr. 

Avoid using dates or decimals. By making your software 
avaiiabie to the global community, you cannot depend on 
dates or decimals to lx represented the same way. In tile 
IJ.S. the month conics Ixfore the day, but in many 
countries, the day comes Ixfore the month. March 30, 2004 
is often displayed as 30 Mart'h 2004. More imp<irtanLly, 
decimals are not always represented willi a period. .Some 
countries use commas. So your software version number in 
integer form may display as 1.5 in the U.S. and 1,5 in 
Ciermany. You can certainly integrate dales and version 
numlxrs into your serial numbers as long as your code 
properly manipulates the month, day, year, and versitm 
properties with these pitfalls in mind. 

Some letters can be confusing for customers. There are gfxid 
reasons to include lelters in your serial numtiers, l>uL be 


aware that certain letters may cause problems ft>r (arstomers. 
An upper case and a lower case ‘"I” are often mistaken as 
the number one* And depending on the display font, an 
upper case kx>ks just like a 7.ero (see Figure 2, Item 6), 
rf customers type a numtxT instead the right letter, your 
software will continue to tell tliem tliat the submitted serial 
number is incorrect and you1l forced to deal with 
unnece.ssary cu.slomer support retjuesLS. 

• Using special identifiers. You may have noticed that many 
software companies use identifier letters in the beginning 
or end of their serial numbers. Tliese letter codes are 
helpful when receiving customer support requests and 
when tracking piracy origins. Figure 2 shows an example 
of some reference keys that are commonly used: (1) 
company initials, (2) product initials, (3) version number 
without decimals, (4) operating sy.sLem platform identifier 
M/W/L/P, and (5) international distributor initials such as 
DE for Gennany, jP for japan, US for United States, etc. 
I'here is no standard for these ideniihers, so design a 
format that works for yotir specific needs, but be sure to 
anticipate long-term goals. For example, you may not 
utilize international distributors now, but using a regional 
identifier may prove handy wlien your oixraLton expands 
in the future. 


Os 

EBCQ15-MDE04-921 


Figure 2. Using identifiers in your serial 
numbers will help you track piracy origins as 
well as where specific product versions were 
purchased. 

Battling Piracy 

While you should do what you can to make your 
serial number format and algorithm as difficult to crack 
as possible, tlie unfortunate truth is that most of your 
piracy issues will stem not from cracked code, but 
from stolen serial numbers that are po.stcd online. With 
so many illegal warz sites and newsgroups available, 
it’s all too easy for users to find pirated serial numbers. 
The irony is that many of the users who find pirated 
serials online would probably buy your software 
otlierwise, but the opportunity to save money often 
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outweighs Llic uK>ni] connict in ilieir mind. Sure, you 
could send ‘'cease and desist” letters to those warz sites 
anti their ISPs, but how do you stop the consumers 
wtu> are already using tlie pirated serials witlj your 
software? Many software companies have Found the 
answer in blacklists. 

If youVe unfamiliar with the Lenn, a t;) lack list is 
usually a database of known pirated serial numbers. If 
you find your software Is prone to piracy, then it may 
he in your best interest to maintain your own blac klist 
for each product you release. Pvery time you find a 
pirated serial number on the variotts warz sites (and 
you should c'heck them often) or receive a lech 
support request or registration activation with a pirated 
serial, you should add it to your blacklist. 

A black!i.st database is most effective when you 
actively use it to authenticate submitted registrations 
and customer stipport requests. Earlier, we discussed 
applications that ‘'phone home" to a web server during 
the registration process. This method is effective in 
stopping most casual pirates since it checks to see if 
the submitted serial number is currently in the blacklist 
database. If there’s no mateh and the serial nuinl>cr is 
valid, then registration is successfully compleieck If the 
server app reports a blacklrsf march, then your 
software can cancel the regisiraiion process, informing 
the user that the serial number is invalid and to contact 
customer service for assistance, rhe message should 
not indicate that the serial is pirated, since there's a 
slim possibility that the user accidentally mistyped the 
serial number and it coincidentally matches a pirated 
one. Granted, the odds of this happening are probably 
miniscule, but all customers should be treated as 
innocent until proven guilty. Instead of condemning 
them, give them the opportunity to (j(i the right thing 
and purchase a legitimate license. 

Authenticating the serial number online is 
completely acceptable during the registration process, 
bill since consumers are usually wary of information 
being sent online, he sure to inform them with a 
message that tells them w-hy the application needs to 
establish an online connection and exactly what data is 
being nansmitted. Do not perform this kind of check 
every time the user runs your software — it will only 
make your honest customers feel like criminals. 

It’s a good practice to require customers to submit 
their serial number and full name with all customer 
support requests. This way you can ciieck the serial 
numbers against your blacklist database for possible 
matches. No .sense wasting your time fielding tech 
support tgicries of illegal users. And if you haven’t 
experienced it already, yoiril be surprised at just how 
many pirates have the gall to demand tech support help. 


If you're primarily worried about inter-office use of 
the same serial number among multiple employees, it 
can be beneficial to make your software network- 
aware. Upon sum-u[>, your application can silently poll 
the network for other copies of itself and check for 
dupllc:ate serial numbers. If matches are found, the 
application can politely inform the user that the 
registered serial number is already in use by another 
copy on the network and present a choice of two 
l>utlons: a "Quit" button and a convenient '‘Purchase" 
button to order additional licenses. 

.Some software companies go a step further by 
limiting the number of times a particular application 
can be activated. While this can help curb the sharing 
of .serial numbers among co-workers and friends, it can 
!>e extremely annoying for those customers who 
continually upgrade their computers and operating 
systems. They are still using the same product on only 
one computer, but upgrading to the next operating 
system release every six months often requires 
software to be reinstalled (especially since many users 
opt for a clean install of each new OS release). So if an 
honest customer upgraded to OS X Jaguar and then 
soon after, upgraded to OS X Panther, your imposed 
three-rime limit on product activations is quickly 
exceeded and llic customer is now forced to w^aste 
precious time contacting customer .service for help. 

'I'he same consumer frustration occurs with other 
anti'piracy methexLs like expiring serial numbers that 
need to be renewed once or twice a year. Whatever 
copy-protection scheme you employ with your 
software, try to imagine how it will affect your 
cusiomcT relatiunsliips. You want to protect your 
software without annoying your honest customers who 
have rewarded you with their licen.se payments and 
continued loyalty. Your customers’ experience should 
never suffer due to a handful of unscrupulous pirates, 
so try to keep a conscious balance between defensive 
programming and ease-of-use, 

'k’lii 
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Adobe's Portable Document Format (PDF) is really only as portable as the viewer used 
to read or print it. This has become an issue in recent years as the Adobe Reader (nee 
Acrobat Reader) has evolved to support some platforms better than others. Web 
publishers who desire maximum portability must now take stock: would this work on 05 
X or Linux as well as Windows? This issue is complicated by the rise of alternative PDF 
viewers such as Apple's Preview and alternative web browsers such as Konqueror. 


liasic PDF viewin^i» and printing Is generally okay. 
Iiiteractive PDF forms, however, are a different story. Adobe 
Render on Window.s integrates closely with popular web 
brow.sers, allowing a web developer to drive an interaetive 
PDF form filling session using the web server (e.g., 
htt]^://pdfhacks.com/form_seasion/farni_session-l. 1/), OS X 
users, however, won't have the same experience, nor will 
many Linux users. 

One solution is to use HTML form feamres instead of PDF 
form features when ('oileetiog data. The web server can manage 
tJiis data collection session, providing data validation and any 
necessary database access. When the forni is complete, the weh 
server can laid the PDF form with the user’s data, flatten the 
form, and then serve it it) the user. Tlattening” makes the 
dynamic form data a permanent part of the page, so the 
resulting PDF will display properly itsing any PDF viewer. 

Collecting data online using HTML forms is old hat. We'll 
discuss the part where you pack this data into the PDF form for 
delivery to your user. Well also talk about how you am 
automatically convert a PDF form into an HTML form. My free. 


command-line tcK)l, ]>dftk, makes Ix^th of these possible. Well 
need to discuss how to get pciftk working on OS X ( it also works 
on FreeBSD, Linux, Solaris and Windows). Wc should also touch 
on PDF fonns. 

PDF Forms 

Using Adol:)e Acrobat 4, S, or Acrobat 6.0 Pro (but not 6.0 
Standard), you can add interactive form fields to PDF 
documents. PDF fomi fields closely resemble tlie form Fields 
available to HTML form progmiiimeis. You have text boxes, 
check boxes, radio buuon,s, c:ombo lK>xes, list 1k)xcs, and 
buttons. Tlie.se can be further conOgured to suit your needs. For 
example, a text lx)x can be configured to be multbline or to 
mask pas-sword input, and buttons can he t:onfigured to submit 
the fc^rm data to a web server. 

You can even program PDF forms using JavaScript, althougli 
the PDF cioaiment object mtxiel is quite different tlian iJie DOM 
familiar to web developen>. To leant more alxjut pmgnunming PDF 
using JavaScript, see tlie Aaobat JavaScript Object Specifiairion 
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(lmp://pii[Tnefs.adolx^x'oni/iisn/tleveloper/pdt’s/tn/5186AcroJS.ptif) 
and die Aerobat javaSen[)t SeripLing Guide 
(http://yxiitners.adobe.a>m/asn/acrobat/sdk/public/docs/Acr 
ojSGuide^pdO. We won't discuss using JavaScript with PDb 
forms, lie re. Tfiougli, \ will mention the site 
htt[)://wwwaiuitleuukro[i,edu/^dpstory/acroicxJHml, where 
you will find JavaScript powered PDP games, such as Tic- 
Tac-Toe and Naval l^allle. 

For our puiptjses, t)ie imiK>rtant thing about PDF forms is 
that yc3u can permanently merge them wiih form daur You can 
do this using Acrobat, or you can use the free, command-line 
PDF Toolkit, pdftk. 


Linder pdftk's hood, the i'FeKt PDF library does all the 
heavy lifting. iText is written in Java, hut I [srefer programming 
in G++. So I used GCj, the Java compiler maintained as part of 
GNL) GCC. GCJ allows me to compile flext and then link it with 
niy C++ progrim. The resuh is a stand-alone binary that does 
not need Java. Veiy cool 

‘I'he problem is that your OS X system probably doesn't Imve 
GCJ. You inu.st build GQI (along with GCC) before you ciin build 
pdftk on OS X. 1 lapj^ily, Jolin M. Gal>rielc provides instructions 
at: hup://users,I'^estwell.net/'-john3g/gcj_osx/gcj_on_osx,htnil, 
Brian D. Foy ckxaiments his experience building GCJ and pdfik 
at; http://www,oreillynet,coitvJ)ulVwlg/55hO, 


COLL£CT DATA (JSlls)(? AiO HT/V\L FOf^A^/ 
► DSLIVEK a FlUUeD-0<JT PDF FO(2M 
that WORK’S lisl PREVIEW 


Pdftk, the PDF Toolkit 

Pdftk is a command-line prognim for manipulating PDF 
docLimcnls; it is free software. I created it one year ago to luinil my 
own requitements. Since then, 1 have added featiiies that 1 
believed this free, general-purpose PDF tocjl should provide. It can: 

• Merge PDF Documents 

• Split PDF Pages into a New Docaiment 

• Deaypt Input as Necessary (Passw^ord Rec|uired) 

• Encrypt Output as Desired 

• Fill PDF Forms with FDF Data and/or Flatten Forms 

• Apply a Backgn>Lmd Walennark 

• Report on PDF Metrics such as Metadata, Bookmarks, and 

Page bibeis 

• Update PDF Metadata 

• Attach lales to PDF’ Pages or the PDF Document 

• Unpack PDF Attachments 

• Bursi a PDF Document into Single Pages 

• Uncompress and Re-Compress Page Stre^iins 

• Repair Corrupted PDF (Where Possible) 

Tlie pdftk web site (http://www.pdftk.com) describes tliese 
feaaires and explains how to get pdftk working on your system. 
Pdftk does not require Acrobat or Java, An OS X 10.3 installer is 
available for (5dfrk 1.11 from die site. AltemaLively, you can build 
pdftk yourself, a non-trivial task descrilx^d below. You must 
have version 1.11 if you want to auiomaticaliy create an FlTMl, 
form from a PDF fonn. 


After building and iastalling GCC/GCJ, download and 
unpack the lalcsi version of pdftk (currently LTD from 
http://ww^^pdftk,com. If you configured GCC/GCJ with — 
prefix=/iisr/k>cal/gcj a.s John de.scribes, then you won’t need 
lo edit the OS X Makefile. Otherwise y<?u will need to edit 
Makefiie.MacOSX so that TOOLPATll matches your location 
of GCC/GCJ. 

After unpacking pdftk l.ll, change into ihe p<lfik- 
l.ll'pdftk directoiy and run make -f Makefile.MacOSX, It will 
take aw'hile to finish compiling. When it is done, move the 
resulting pdftk program U> a convenient location in your SP.ATH, 
such as /usr/bin. Test pdftk by displaying its help page: 

pdftk ^elp 

and merging a couple PDFs together: 
pdftk l.pdf 2,pdf cat output 12.pdf 

Note ihat you cannot name pdftk's ouipui FDF so it 
overwmtes an input PDF, Also, upon success, jxiftk will 
overw'iLte files with its output without warning. Change this 
lailer behavior by app^mding dojisk to the emi of ilie 
command line, or change the ASK_ABOirr_WARNINGS setting 
in Makefile.MacOSX and recompile pdftk. 

Before we begin u.sing pdftk to fill FDF forms with data, 
let's talk alDout FDF. 

Store Form Data Using FDF 

FDF is Adobe's Forms Data Format, a file format for storing 
and managing PDF form data. FDF is usually plain text, so you 
can cremate it pretty easily using a text editor or your favorite 
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scripting language* FUF is fully documented in seaion 8.6.6 of 
the PDF Keferencej fourth edition. You can download the latest 
version of the PDF Referenue from: 
http://partners.adol>e.CDni/a.sn/tedVpdf/.specifications,jsp. Here 
is an example of an FDF file that assigns the value "San 
Frandsct)’’ to the PDF field named eily; 

^iFDF-l*2 
I 0 Cih] 

« /PDF << /Fields [« /T (city) /V CSan Francisco) » 

« /T (state) /V (California) >> ] 

» 

» 

endobj 

trailer « /Root 1 0 R » 
t%EOF 


To simplify PDF creation, I created a PHP prograni called 
forge„fdf. It takes fonii data as name/value pairs and then spins 
out the matching PDF llie prograni logic should be easy to 
reproduce in any language. Visit 

http://www.pdfliacks.coin/forge_fdf/ to download the latest 
version. In PHP, you would use forge_fdf like so: 

<7 

requlre_once C ' fcirge_fdf .php' ): 

// uac ttiiji array for itrxt IkSds* combo box, and list txix lurm tldd valncji 
$fdf_d 0 ta_str1 fig.'ll array! *city' 'San Franctficn'. 

'stale' 'California' 

// use tiib ;imiy tor check litix and radio button values 
$fdf_data_namos"^ arrayO : 

// these arenl used in this exiintple 
$fteldK_hfddon^ array!): 

$flelds_readorily- array!): 

$i:dt= torge_fdfC 

$fd±l_data_st rings, 

Sfdf_data_nanies, 

$fialda_.hldden, 

$flalds_raadonly ): 

$fdf_fn= tempna^nt 'fdf )i 

$£p= fopent $£df^fnH 'w' ): 

if( $fp ) f 

fwite{ $fp* $fdf ): 
fclose( $fp ): 

// .serve J'Dp but prompt the iLser to .save tl to disk 
header! 'Content type; appllcatlon/pdf' ): 
header! 'Content disposition: attachmonir 
■r11onamo=ri1led_for ffl.pd f' ): 

// our pdfik magic; “fktuen” mergeif tfcmi with ilie page 
passthru( 'pdftk form,pdf fill_form V, $fdf_fn. 

■ output - flatten* }: 

Ljn 1 ink( $fdf_fn ); //delete temp file 

1 

else f // error 

echo ‘Error: unable lo wriie temp fdf file: 

Sfdf^fn: 

1 

?> 


One FDF [>eculiiirity is that text field, combo box tmd list 
box form field values are represented PDF “strings/ 
where check box and radio button values are represented as 


PDF "names.” For our purposes, names and strings are the 
same; iliey are jusi encoded a little differcnily in the FDR 
That is why forge_rdf takes two array,s of data: 
fdf_data_strings and fdf_data_names; pack them 
appropriately. By default, check boxes and radio buttons use 
the values “Yes” and “Off” to represent their true and Rilse 
states, respectively. The form designer can choose an 
alternative to “Yes,” but “OfR always means false. 

The arrays rields_tiidden and rields_readonly have no role 
in this discussion, so you can ignore them. 

Now things are iKfginntng to come together. We have a PDF 
form, we liavc an FDF daUi file, and we can also see, alx)ve, tliat 
pdftk can meige these two files into a single, non-interactive 
PDF, l^et's talk about that. 

PDF Form Filling and Flattening with 
Pdftk 

The pdftk command for lllling a PDF form kK)ks like this: 

pdftk <input PDF form> flll_foriB <input FUF data> ouLpuL 
Coutput PDF file> 

The FDF input, the FDF input, and the PDI' output can be 
a filename, a hyphen (-), or "PROMI^." Passing a hyphen into 
pdftk instead of an inpui ftienamc cairses (xlftk to kx)k for data 
on stdin. Similarly, passing a hyf^hen into pdftk instead of an 
output filename catises pdftk to return data on stdout. You can 
see we used ihis kilter technic|ue in the snipfKl, above. Finally, 
you can pass “PROMF1’” into jxlftk if you would like pdftk to 
ask you for the necessary filename at run time. 

If you include the flatten ouipui option, then all ftmn field 
data is convened inu) static page elements* Ail of the interactive 
form features are remtwed, sSo the result is a plain old PDF that 
any viewer can handle. If you omii the flatten option, then fonri 
fields are filled ia match your in[>ut data, liut they also remain 
interactive. You can flatten a PDF form at any time by ainning- 

pdftk filled_form.pdf output flattenod_forni.pdf flatten 

vSo, these are the hack-end pieces to our workaround for 
online PDF forms. We tan take form data, cast ii into FDF, mcige 
it with the PDF form, and then sei-ve it lo the user. Now let's 
look into creating ilie front-end HTML form. To help us along 
the way, we’ll use pdftk to discover PDF form field inronnation. 

PDF Form Field Discovery with Pdftk 

A PDF Ibnn can have dozens of interactive Fields. Manually 
minoring these fields in iriML would be cumbersome and 
error-prone. Instead, let’s use one of p<!ftk’s reptiiiing features* 
You can learn everytliing you need lo know alx>ut your PDF’s 
interactive form fields by running: 

pdftk fftrni.pdf dump.data_fleid.g > form.pdf,fields 
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'llils will create an easily parsible plain text report on your 
form’s Helds. The oiilpui misfit kK)k like this: 


FieldType: Text 
FieldName: naTne_iast 
FleldKauieAit: La^t Name 
FieidFiags: 8392706 
FieidValue: 

FieldJystiflcatloni Left 
FialdMaxLength: 200 

FieldType; button 
FieldName: pri^vlatial 
FieldFlags ^ 0 
FialdJustlficatioat Left 
FieldStateOption; Off 
FieldStateOptlon: Yes 

FleldTypo: ChoJce 
Field Name: Select_otie 
FieldFlaga: 4587520 
FieldVaiue: a 
FieldValueDet'ault: c 
FieldStateOptlon: a 
FieidStateOptiofi: b 
FieldStateOption: c 


You am see ihal the field named title has a maximum length of 
200 cliariciers. tltal a button named previous 1 has iwt) possil>!e 
states: Oft‘ and Yes, and a cximlx) box named seiea_one lias three 
possible states: a, l>, and a Note ihw push butroas, chei'k lioxes and 
radio buttons all liave a FteldTytx; of Button. To tell tliem apart, ymi 
must ainsult the IneklHags. Siinilarfy, list Ixjxes and comlx) lx>xes 
IxHh have a biekfrype of Choice. See section 8,6 of the PDH 
Rclerencc for details on field Hags anti their meanings. We wont tx* 
IxHlieiing with them, here. 

Til is plain text report should provide you witli all the 
infonmttion you need to create an ITTMl. interface to yentr l-bmi. For 
fun, let s use PI IP to do tills automaiically, Here’s a scripl that reads 
this text teport and generates an HTML form to suit. If you added a 
“Sliort Descnpikin” to esich field in Acrtilxit, then that text will 
appeitr as the FieldNaineAli entry in our re|X)i1, Our soipt will u,se 
this infbnuTtion. if present, to laliel tlie IFIML field. 

<?php 

// Uiis fuiKtiuti tmds u duiu fik atuuxl using pdfrk dump_data_f ield^ 
function 

load field data( $fleld_Feport_fn ) 

i 

$rct_v 0 l*- arrayO: 

$fp“ fopent Sfield_report_fn. “r” ) ; 
lf( $fp ) f 
Siine* '' ■ 

$rec" array(); 

vhile( ($line- fgetsfSfp, 20481)FALSE ) t 
Sltne* rtrimC Sline )j //R!iikivc trailifig whitt'spaoc 
lf( $llne= ‘ * J f 

Ift 0< count t$rec) ) ( //end of recoitl 
$ret_val[)= Srec: 

$rec^ arrayt): 

* 

continue; // sdsip to mm line 

1 

// split line into Harm: and i-ahic 
$data_pos^ strpoa( $i±ne, ); 

Wme“ substrC Siine. 0, 5data_pos+ 1 ): 

^value^ sub6tr( Sliite. $data. post 2 } ; 

if( $name^ *FieldStataOptlon:' ) I 
// pack *itate options into tbeir own sub-array 


lf( tarray_key_eKistat*FJeldState0ptJon:■,$rGc) ) { 
$rec [‘FlcldStatc*Option: *]^ arrayO : 

} 

Srec[*FieldState0ptlon:'] []“ $value: 

I 

else t 

$recf Srtame ]- Svalue: 

) 

) 

ifC 0< count ($rec)) I //pack (tnaj reconi 
$ret„val[]= $reci 
I 

fclose( $fp ); 

) 

return Sret_vali 
I 

// open ouf web page: tl’ie form action is a st'fipt yvv provide, bebw 
echo '<htntl> 

Chead> 

</head) 

<body> 

<form method"^"POST" sction“’’pdf_form_fill.php"> 

<table>': 

// cTote the liJc (brm.pdf.fidds using pilftk's <himp_dii 3 _#k‘kis 
$field_err= lo3f1_f ield_datat ' form, pdf-fields' ): 

Forqacht $field_arr as $fieid J I //iterate form fields 
echo ■ Ctr>Ctd> ': // one mw per field 
i£(array_key_exists(*FieidNaffieAlt:*, Sfield)) I 
// use human a'ldalik; name, if avaitalik: jtm can add these tn AcrutM 
echo Sfield [ VFieldNameAlti ’ 1 : 

1 

elEe I 

echo Sfield ['FieldNarse:' ] : 

t 

echo *</td><td>': 

iff Sfieldl'FieIdType:^]= Text' ) I 

// ciHistnict an irrMl. text fiirni fiekl t(^ match our PDF text form field: 

// canniK use peri<xls in fiekl nancies with PHt* so translate tliem to tildes 
echo'<input type’"“toxt'* tiamc”'” . 

strir($iieldt^FicldName: 

// text fifki dcfiult value 

If(array_key_exlst5(* FieldValueDefault:’, $field)) I 
echo 'vaiue^"\ Sfield[*FieldValueDefault:*]. 

\ 

// text field size :ind maxlenglll 

ifCarray_k0y_n3«iflta ('FioldMaxUngth; \ SfleldJ) [ 
echo ^inaxlcngth-'^*. Sfield t'FleldMaxLengthi']. *: 

1ft Sfield['FieldMaxLengih:*] < 80 ) t 

echo ■size=”*- $field[*FieldHaxLength:'J. T 

1 

else t 

echo 'size=”80” ': 

J 

i 

echo ')*: 

I 

else if(array_key„exists{'FieldStateOptioti: \ Sfield}) t 
// use an HTML selection fiekl for all other PUJ' form fields 
//(dieck Ixjxes, radio t^tiiions, list Ixixes, ctmdiu Ixixes); 

// Ciinnot use poitids in field names with Pi JR so trarasliUe thejii lo tildes 
echo * <select name-" '. 

strtr (Sfield [TieldName: 

foreachC Sfield['FieldStnteOptlon:'] as Soption ) I 
echo ■<optjon>'.Soption.’</opLion >'t 
f 

echo *</sel€ct>T 
I 

echo '*</td></tr>\n**; 

i 

// dost our table and our HTML page:donT ftuflct the subm it birtton 
echo *</table) 

<input type^^submi t" value*"Create PDF'*) 

</ronn) 

</body> 

</htral>'; 

7> 


Now, we rteeci a eampanion script that rakes this submitted 
ditta, ixicks it intt> tlic PDF form and serves it to the user. This scripl 
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is llie jxlf_fonnJilpiip action in our above HITVIL fonn. li kx)k*s 
much like our «iriier form fiiling exitmple: 

<7php 

requice_once( * forf.php' ); 

Sfdf_data strings^ arrayU ^ 

$ fd f_d a ta_nQnie fi" a r ray f): 

a funny thir^ (Hir jHiqxisef wtf can f 5 « awuy with packing ever)!King 

if cvcryihing into fdf data ■^ringH; ihaC.s him!)' 
foreach{ $_P0Sf as"$key ”> $value ) 1 
if Lmuliic likk^ Imk to periods 

ifdf_data_stringst strtr(SkeyH * .') ]- $value; 

1 

a ignore these in this example 
$fields„h1ddcn" array0: 

$fields_readonly" arrayO; 

$fdf^ forga_fdf( * \ 

$fdf_data_strings. 

$ fd f_dat a_n ante s * 

Sfields„hidden. 

$fielda_readonly )\ 

$fdf_fn- lompnamC ‘, 'fdf* ): 

$fp” fopenC Sfdf_fn, *w* ): 
if( $tp ) f 

fvritet $fp, $fdf ): 
fcloseC Sfp ): 

header { * Content’type i application/pdf * ): 

hcadcr{ ’Content'dlnpositiont attachment: *. 
’fllejiarne~fillod_fom.pdf* >; 

passthru< 'pdftk form.pdf £lll_rorm $fdf_fn, 

’ output flatten* ): 
unlink ( Sfdf_fn ): //ddctc temp file 

I 

elup. I // error 

echo ‘Error: unable to write temp fdf file: '* $fdf_fn; 

1 

?> 


WhcTi filling foniLs ttils way, it turns out you can pass 
evcrytiiing into forge_fdf using tlic fdfjdata_stTings array; ihtfre's m) 
need to iLse fcif_data_names, Tliat’s tuindy. 

Now the Fun Begins 

We (lave done ill We liuve created an (ITML front-end to 
filling PDP forais, Tliis is where the fim begins. You can now 
take everything you know al>out web progniinrning, sudi as 
data validatit^n and tiaialiase aecess, and use it to fill PDf' forms. 
Your users will be glad, too, because your resulting PDFs will 
work in alternative viewers such as J^review, and because you 
give them a filled-oui PDF form for their records (which Adobe 
Reader dtx?s not provide). 

To see an online example of these scripts, visit 
hrtp://www.accesspdfx:om/luinl 4 xif_fonTi/. You will also find die 
cxxle, (Rioted in diis article, available for dow^nload. 

'/ill 
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WeVe all heard a lot about Java 

versus .Net, but have you ever thought 

what this conflict means to you? In this article, 
I will try to present an unbiased explanation as 

to how J2EE and .Net match up. Given the strong feelings 
people have toward programming philosophies and the 
companies behind them, finding unbiased opinions is difficult 
with marketing hype that is stuck in overdrive. This two-part 

series will help you understand how the two technologies differ and how 
they are alike. The presentation will be in the context of building a Web application 
from design right through to deployment. 
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Micrcjsol’l introduced .Net as an enterprise coinputing 
platforni that would compele loe-to-toe with Sun 
Micrososystems’ j2HR. Microsoft's move has left Java 
developers witii two options: ignore .Net or analyze it. 

platforms feature innovative ideas that should 
cross pollinate, tioi stagnate on one specific platfc^rtn. We 
all want leelmologies that add the best l>usines,s value and 
are cutting edge. So, which language works better .Net's 
C# or java? Will ,Nel spread and sweep all before it, or is 
Microsoft’s iriighty inarketing machine simply desperate to 
make to tuake us think so? 

rll Ixfgin by examining j2EE and .Net, and then line 
the technologies up to understand how each approaeiies 
common enterprise problems. To atiualize the terms and 
concepts introduced here, fl! brieJly introduce to the 
sample applicaLic}n: Joe’s Cold lieer and Steak House. Part 
2 will focus extiusively on its background code and 
architecture of lx:>c]i J2EE and .Net implementations. 

What is J2EE? 

When ([linking of J2EE, the key word Ls platform. Java 
represenus more llian just a prograrruning language, as it 
encompasse^s tJie VM lecJinology that lets ctanpiled Java 
programs nin unaltercxi on vahtJUS macliine architectures; 
tixtls to compile, analyze, debug, and deploy Java f )ro|p;mis: 
and exher components, suc h as hrtwser [>lug-ins, rich meclia, 
and more. 

Al)out ftiur years ago, ,Sun reorganized the Java 
platform into three profiles: 

• The Java 2 Platform, Micro Edition 02ME), for 

handheld and other lower-end devices 

• The Java 2 Platform, Standard Editii^n 02SE), 
targeted at desktop mac^hines 

• llie Java 2 Platform, Enterprise Edition 02EE), 
installed on server and responsible Ibr ilie ticiivy lifting 
in the Java world 

Although it's something of a simplification, you can 
think ofJ2ME as a subset ofJZSE, and J2EE as a superset 
of J2SF.. 

Defining J2EE 

J2HE is a Java-based technology, built on top of J2SE, 
that provides developers with the development tools and 
runtime capabilities necessary to build enterprise 
applications meeting rigorous uptime, security, s<alabilily, 


a nd ma inta i nabi 1 ity re<j liirements. 

The latest version of J2EE is 1.4. Sun uses the J2EE 
platform to synchronize ihe (xmsLiluent technology 
specifications for specific releases. Here's a partial J2ER 
components list: 

• JavaServer Pages 0SPis): Generate dynamic content for 
Weh bnmtiers and inoliile devices. JSP.s resemble HTML, 
especially when developers use cusiom lag libraries to 
remove Java code From llie JSPs tlieniselves, making them 
easier to main lain 

• Servlets; Build control and navigation logic into jZEE 
applications, typically following a Model-View-Conir(jller 
design pattern in conjunction with JSPs. 

• Enterprise JavaBeaiis (lyBs): The niainsmy of ihe [2EE 
platfonn. Tlrere are two main types of EJB: ses^sion l>eans 
that mcxlel business logic and entity beans that model 
persistent data. When coded correctly, EJBs provide 
rransparent scaling, a security framework, a transaction 
model, and a container-managed life cycle. 

• Java Connectivity Architecture yCA): l^is Java etiterjxise 
ap(]licatioas interface with existing non-Java enterprise 
applicatif>ns like SAP. Specifically, transactions and security 
roles am [xopagate, allowing you to fully utilize legacy 
appliaitions in a J2EE architecture. 

• Java Message Service Provides asynchnjnuus 

messaging capalXlities to the J2EE plafiorm. Estaf-jlished 
message-ariented middleware (MOM) vendors like IBM (MQ 
Series) and Tiheo (Rendezvous) provides JMS faces to their 
prtxiucts. 

• Java Manageiuetit Extension Manages J2EE 

servers and appliaitions. 

• Java Naming and Directory Interface (JNDI): A rec|yired 
part of the J2EE platform, [NDl provides component location 
transparency in a clustered J2EE environmenL 

Aldiough the following componenis are technically part of 
J2SE, they prove imponani for j2EE applicatioas as well: 

■ Java Database Connectivity 0DBC>: Tfie real l)iead and 
l>utter of any enterprise application. JDBC handles all 
database input/output via SQL. 
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• The Hotspot Virtual Machine: Can run m server mode lo 
better profile long-nmning applications with stringent 
requirements for tliread and memory management. ’Ihe 
HolSpot VM has addressed most of die initial cr^neerns about 
JZEE'S performance. 
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Figure 1 depicts these components as a 
J2EE technology stack 


The Spirit and Elho?* <if the Java Community 

in addition to tliese technoiogies, the java 
platform boasts anoiher important feature: llie Java 
developer community. 

With Java, youJl find free, open smirce tools, such as 
Am (a Iriiild tool), JUnit (a testing framework), JBoss (an 
application server), and NetBeans Can integrated 
development envirotinieni, or IDE). More exi.st, 
SoitrceForge lists hundreds of Juva^related initiatives. 

Moreover, look at tlie curriculum for any third- 
level teaching institution. In many such schools, 
students learn programming by studying Java, The 
same plienotrienon pushed UNIX from a 1970s 
research curiosity to the operating system that it is 
today. What's the ptiint here? The siuclenls of today are 
the jjrograminers of tomorrow, and they are learning 
in java and UNIX. 

What is .Net? 

What the heck exactly is .Net? Unlike JZEE's 
specification set, .Net is a suite of shipping fm>ducis 
(although some paii.s of .Net have l^een ratified as 
international standards by the European Computer 
Manufacturers Assocuition (ECMA)). 

According to MictosoIt, “".Net is a set of MicrosofL 
technologies for connecting your w'orkl of information, 


people, systems, and devices.” 

That just clears things irp! The trutli is, .Net evades 
easy definition hetrause it covers so many topics. Some 
define it as a development platform for building XML Web 
sendees, wliile others tliink it's a set of enterprise servers. 
Both lines of thinking prove correct, although neither tells 
the whole story. To get a clearer picture, lefs peek at 
.Net's basic elements; 

• Smart client software: Software for ninning a variety 
of smart clients, from personal conipulers (Windows 
XI’)t to small-footprint devices likes PDAs (Windows 
CE .Net), to sei-Lop devices (Wimlow.s XP Embedded), 

• XML Web services: Let applications share data and 
consume services provided by other applications 
without regard to how tliose applications were built, 
whai platform they run on, or what devices access 
them. .Net includes implementations of the iate.st 
accepted Web .service standards, stich as the XML 
Schema standard, in addition, Microsofi plans to 
provide many commercially available foundation 
services, called My Services, to serve as application 
building blocks. As a recent example, the 
MapPoini.Nei Web service integrates maps and 
driving directions inio applications. (That effort, 
how^ever, has lost nionienuim because partners have 
been slow to jump on board. ) 

• Enterprise servers: Producis that support enterprise 
applications by atldressing different jjaits of the ^>verall 
solution. Among the offerings in die mix are 
Application Center for deploying ancf managing Web 
applications, BizTalk Server for coordinating XML- 
based [:>Lisiness processes across applications and 
f>rganiz;itions, and the SQL Server database application. 

Figure 2 illu,stnifes the pieces of the .Net Framework, 



Figure 2: The ,Net Framework 
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A.S you can see, .Net covers a loi of ground, 

Lijie 'Em Up 

This seclion shows liow J2EH and ,Nei solve common 
issues developers face when architecting a system. To 
help frame the discussion, I’ll present each issue within 
ilie coniexi of the layer wliere it is most relevant. The four 
layers covered are presentation, business, data, and 
runtime. Additionally, Figure 3 and 4 depict the logical 
architecture of the sample application in Pan 2 for J2EE 
and .Net, respectively. 




Prei® rrfottoti r^tillon f^tjoy^r tjs ri + S 


tv 



tv 



Figure 3: lllustratioti of the sample application 
architecture under J2EE 



Figure 4: Illustration of the sample application 
architecture under .Net 


Presentation l^yer: HTML Generation 

How do tlie two competitors liandle HTML 
generation? 

In J2FF, JSPs and servlets generate HTMl. for |2EK 
apj:)lications. Tlie servlet containers include such leittures as 
session state, a security fhimework, and configumtion. Tag 
lil^raries allow the developer to cleanly separate presentation 
code from control and l jusiness logic and also make tlie JSPs 
readable to IITML ccxlei^. A new initiative called JavaServer 
Faces aiiTLS to extend JSPs to allow developers to specify lit 
(user interface) coirgxjnenLs, event handling for Hl'MI 
widgets, data validation, and navigation. CuiTently, you can 
liandle such tasks with presentation frameworks such as 
StmLs, Webworks or wingS. 

ASENet 1x1 lids and hosSts Web applications under 
Microsoft Internet Information Server (US). ASP.Net 
includes the usual .stuff: fault-Loleranl session state, 
authentication and authorization, and HTML generation. 
With ASENet, developers build ASPX pages that include 
FdTML and custom tags that map to server-side Web 
controls. Well controls encapsulate reusable user interface 
logic and provide many advanced features to ease Web 
programming. For example, input controls (e.g,, 
lexllKixcs) auLonialically maintain ihcir state frotn one 
round trip to the next, so developers can aece,ss form data 
on the .server via control properties (e,g,, textboxText), 

Business Logic 

Now' let's sec litjw the computing (>laiforms handle 
the most commanly encountered tasks in enterprise 
computing: tran.sactions, di.stributing remote objects, 
and XMT, Web services support. 

Transactions 

Developcs-s code tiunsactions to provide systems with 
tile so-called ACID propeities: atomicity, consistency, 
isolation, and dunibilicy. Simply put, these properties keep 
your sysLenVs data coheront when things go wrong. An often 
used example is tlie A'FM madiine tliat gives you $2(X) in 
aish wJiile simultancsxisly deducting die stme amount from 
your current acrottnt. All pans of that mins£ttiion must either 
commit (are applied) or n>ll back (are not apjilied), and 
wliatevei happens, the system is left in a consistent state, 
[jet's see liow eacli plaifonn handlers iransattions. 

With I2EF, devclofx.TS can eitlicT explicitly code 
transaction management (user defined or manual) or 
spet'ify the required behavior and hand off the 
management to the container (auLoniaLic mode). In most 
cases, developers tiy to delegate transaction handling to 
the FJB container. Manually managing transactioas can 
introduce subtle bugs inU> the application. Addiiionally, 
the container should prove better at transaction 
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management than yon, the developer. 

In .Net, the CLR supports both manual and 
automatic transactions. With manual transactions, 
developers begin the transaction, enlist otliers in the 
uansaction, commit or abort the transaction, and end the 
transaction. With automatic transactions, developers 
define an object's transactional behavior by setting a 
transaction attribute value on an ASF.Net page, an XML 
Web seivice, or a class. Once an object is marked to 
participate in a transaction, it will automatically execute 
within the transaction's scope. 

So which do you choose, mantial or active 
transat:tions? It depends: auto malic transactions prove 
easier to program, liiil they are much more ex|x*nsivc in 
performance terms than manual transactions. Developers 
generally cmly use aulomatic transactions, tlicrcforc, to 
manage disirihuted transactions. 

Calling Remote Objects 

With .Net and Java, business logic can be 
encapsulated into components that may exist loc^illy (in 
memory) or out of process cm a remote machine. 
Ncvertlielcss, bcHh architectures follow diflerent 
guidelines on how^ to achieve distribution. 

Location transparenc’y is a core J2EE feature. JNDl 
finds .scrvcT-sidc c:onijx>ncnls such as EJBs and JMS 
Queues, which, if lamning in a clustered environment, 
may or may not reside in the same VM. More generally, 


adl access to an EJB must go through interfaces, which 
allc>ws the application server to implement its own 
loading balancing across multiple nodes to optimize 
throughput and response time. In practical leriTLs, most 
application .servers aCtempi to keep coimnunicating EJBs 
in Uic same VM itj minimize network traffie and the 
associated marshaUng overhead. I’he developer can 
enforce in-VM execution wiili local interfaces. 

Willi .Net remoting, develoiKTs can call remote 
objects distriliuted across application domains, prexesvses, 
and machine boundaries. As ycai'd expeca fre^m any 
remoting framework, .Net remoting hides ilie nasty 
remote call details, and it formats messages and piovides 
die underlying traiispoit mechanisms. 

Whal’s more interesting, liow'evcr, is how' you decide 
whether or not to use remoting. In .Net you can’t 
automatically decide to distribute your objects as you can 
tn J2EE, Ixcause you pay a price in network latency when 
you do so. You must therefore undersUmd what you will 
receive in return. In tlie .Net world, tievelopers employ 
remoting lo increase security and ease maintenance, Inii 
not to imprewe scalability; that task ts generally achieved 
by additig Web servers. 

XMI Web Services 

XML Web services make sense for some business 
problems. Let's see how both platforms suppon the latest 
technology wave in cntcr[jnse computing. 
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By downloading and installing Liic Java Wd) Services 
Developer Pack from java.sun.com, you can begin LTeating 
Wel:> services today. J2E1!: lA provides best-iii-class Web 
services stippcm. Addiiionally, all HJB Web services can be 
consumers, and a stateless session lx?an can jrrovide a Web 
service. Specifications such as JSRs (Java Specificition 
KetjuesO 67, 93, 101, and 109 enliance ifie Web services 
su[:tport in tlie java piatform, jDroviding service naming, 
lookup, invocation, and usage ftmctionality. 

Microsoft placed XML Web services at .Net's core and 
it shows. .Net contains tiie latest accepted XML Weir 
service standards {such as the XML Schema standard). 
Morecwer, Microsoft, which groups Web services-related 
standards as Glotjal XML Web Services, actively promotes 
Other needed Web services standards. 

Data Access 

Enterprises revolve around their data, often stored in 
multiple, heterogeneous data stores. Both technologies 
provide data access and persistence strategies, so let's dig 
a little deeper. 

Persistent data is typically modeled as entity beaas. 'Ihere 
are two main types: ajotainer-maiiaged and liean-managed 
persistence (CMP and BMP, restxxtively). Bulli let devcloj)ers 
tap into container-provided services siicli a.s tran.saction 
management, a |iersistence fnimework witli ijatelligem 
datalra,se ufxiates and aid ting, and a security franicvvork, as 
well as, leveraging the container's innate characteristics such 
as .sc:;jlabiiiry' and fault tolerance. More genemlly, there is a 
Java ]>ackage to access aimo.st any tx>rf>oniie data .source you 
aire to mention. 

Developei-s can access a variety of data sourcejs, 
including XML. ihrough .Net's ADO.Net classes. Although 
ADO, Net gets its name from its predecessor, ADO 
(ActiveX Data Ohiects), ADO.Net is a rewTite rather than 
an upgrade. As you’d expect, ADO.Net includes data 
providers that let you connect to a database and execute 
commands. Developers can also transport data over the 
Wel> using XMl. Web services or across proces.s 
boundaries using .Net remoting. 

Platform Comparison 

Next, let's examine both platforms to identify their 
common and divergent areas. 

Execution Engine 

Tfow do J2EE's and .Net’.s execution engines—the 
runiirne arciiiLeciure ifiat compiles and executes 
code-—coju pa re? 

Java source code compiles into machine-independent 
byte code, which the JVM interprets at mntime. With that 
in mind, the particular installed ^JVM proves crucial to 
performance and scalability. Sun supplies its HotSpot VM 
with Java, and other JVM implementarions exist, such as 
IBMVs^r™ or BEA Systems’ JRockit. 


As its name stiggesis, HoiSpoi looks lor repeatedly 
executed code sections, then intensively optimizes ilieii]. 
Hotspot doesn’t just have great scalalMlity and 
performance; it also supplies the siandarcl conrigumble 
security model for code Loading and execution. 

As a final feature, Java's JVMs leverage their host 
machines' strengths. For example, JVMs optimized for 
Solaris will take advantage of lliat operating system’s 
special features, such as daread management. In this way, 
java applications running on Solaris nxichines can scale 
up to more tlian 100 CPUs, 10,000 threads^ and 100 GB 
of RAM per virtual machine (on the riglit hardware). 

The CiR environment executes .Net’s Microsoft 
Intermediate Dmguage (MSIT., or just IL) c:ode. Like the 
JVM, the CLR also offers support services, sudi as code 
verification, memory management via garbage 
collection, and ccxle security. When you throw in an 
extensive set of Framework Class Libraries (FCL), you 
have the .Net Framew^ork. 

The JVM and the Cl.K may look like identical twins, 
bill tliey're more like cousins. First, Microsoft designed 
the CLR to support multiple languages, whereas the 
JVM supports only one—-Java. Microsoft currently 
j)rovides CLR-compliant version.s of Visual Basic, 

C++, JScript, and even Java. Other vendors are also 
working to support additional languages, such as 
COBOL, FOHTRAN, and Perl. 

Second, in .Net, managed code always translates 
into native machine code ratlier than interpreted. The 
CLR, unlike the JVM, suj^ports compilation from the 
start. Altliougli all JVMs provide jusuin-time (JIT) 
compilers or HotSpot today, the JVM was onginally 
designed as an interpreter. 

Third, consider .Net's support for application 
domains. Application domains resemble processes; they 
[provide ihe same isolation level withcHit the overhead 
that comes from rruiking cross-process calls or swiLcliing 
between processes, because they can mn within a single 
prcjcess sp:K‘e. 71iai ability to run multiple applications 
within a single process dramatically increases server 
scalability, something not supported by^JVMs. 

Cross-Platfonn Portability 

Platfomi jxxtability is an area where J2EE and .Net differ. 

J2F.F offer.s complete cross-platform portability. If 
a JDK exists for your target platform, then J2FE can 
run on it. The ability to support Windows and 
mainframes anci everything in between represents a 
big J2FE aiiraction. 

The CLR includes a JIT compiler iliat translates IL 
into machine code running on target platforms. 
Currently, .Net only supports the Windows platform, 
but in theory, other platforms could liave their own JIT 
compilers. For proof, consider the Mono project, an 
effort lead by a Linux company called Ximian to build 
an y}>en source .Net iniplcmenlation. 
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Straight 6 se(ond billing imrdm^hfs 

Excellent rates on intrastate, intralata/toll colls 
and international coiling with no term contract. 


Language Support 

Ag;!in, language suppun i.s anuclier major 
differentiator liet^v'een the plathirnis. 

Under J2EE, you are tied to Java. If you want to use 
another language, you’il liave to do it via an tnlcrface 
technology like the Java Native Interface (JNl) or via 
Web services. 

.Net is language independent and can use any 
language once a mapping exists froni that language to IL. 
At die time of tliis writing, several third-paity vendors 
have produced language eoni[)iler,s that target the CLR; 
examples include NetCOBCJL from I\ijitsu, and Visual l\"rl 
and Visual Eyihon from AcriveSrate, with others on the 
way. Because all .Net languages share a cotnmon type 
system, developers can safely pass types written in t)tie 
language to ct>de written in another. I'hey can also Lise 
llie unified Framework Cla.ss Lihniries in any .Net 
language, saving theiti from having to learn how to W'ork 
with many different implementations. 

This does not mean that ever\^ developer on a 
team should use a different language. It does mean 
that companies have more options, allowing them to 
clK3ose Llie best language for ihe job ha,sed their 
developers* skills, 

Standards Support 

Since botli J2EE and ,Nel target the enterprise, we 
need to kxik carefully at how^ each platfi>!in suppoits the 
tccimology standards that underpin die work! of 
e-commerce. 

Anyone can prtipose a JSR for a new^ platform 
exlension, and ihe Java Community Protress (JCP) does a 
great jol> keeping Java technology open with input From 
IRM, HP, REA Systems, and many other paiticipants. 
Adding to the iangiiage itself, however, proves nearly 
impossible. sSun is conservative about introducing 
changes to the Java language—a gtx^d idea, in my 
opinion, a,s it keeps the platform stable. 

Microsoft has long been cnticizcd for tightly 
controlling its techncilogies. However, the company took 
a huge step forw^ard when it submitted C* and the Cll to 
ECMA for ratification. On December 13, 2001, the FCMA 
General Assembly ratified the C# and CLI spedficaliuns 
into imernadonal standards, allowing others to participate 
in their evolLilian. 

Totils Supp4»rt 

Tools support is important because it affects 
developer productivity. 

Java features a plelhora of tools, which is toth good 
and bad: the developer has a great deal of choice, hut 
might have difficulty choosing the right tool for a given 
job. For example, while you am choose from numerous 
IDEs, wliicli works l>esl? It depends on the project! More 
generally, debugging support is good via the Java 
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Platform Debugging Architecture (JPDA), and the arrival 
of Ant and JLInit has given the Java community a standard 
build tool and unit-testing framework, respectively, 

Microsoft's long and successful development tools 
history continues with Visual Studio *Net, the single 
IDH for building *Ner applications, whether yoifre 
building Windows applications, Web applications, or 
XML Web services. With Visual Studio ,Nei, you can 
choose any .Net language. From the developer’s 
viewpoint, applications are built using a single IDC. 
Visual Studio .Net boasts too many features to address 
here, but it's worth mentioning the new Server 
Explorer feauire. Wiih the Server Ex[>iorer, developers 
can access server resources (message queues, 
performance counters, data sources, and so on) 
without ever leaving Visual Studio .Net. 

Vendor Support 

Again, like platform stipport, vendor suppori 
means different things in tlie .Net and J2EE worlds, 

Vendtjr supjxjit represents a linchpin of the J2EH 
world IHM, lit'A Systems, Sun Microsystems, Onu'le, 
Jlioss.org, and many others offer a wick- variety c>f J2EE 
products. At jiresent, however, oj>en source vetidors 
cannot l>ecome J2EK-ceiTified—a contradiction that Sun 
should resolve to allow open sotirce J2EE offerings to grow 

At the moment (and for the foreseealile future), 
.Net is a Microst)fi platform. That could be eitlier good 
or bad, depending on your viewpoint. On the plus 
side, developers need nt)l worry alxjut a dizzying array 
of choices, about inconsistencies in various vendor 
implementations, or about standards compliance. On 
the other hancl, ,Net locks yt>u into Microsoft. For 
example, .Net runs only on Wintel machines. 
Depending on your organizatkm, that lock-in may or 
may not be an isstie. 

Thoughts to Consider 

Having walkerl through the main points that any 
erUcTt>rise teclinology must address and evaluated 
J2EE and .Net for each one, what do we think about 
our respective causes? 

On One Hand.,, 

.Net represents a real challenge to J2EH, and, with 
Microsoft',s integrated tools support and ASP.Net, it 
seems very developer friendly. However, with 
initiatives like the NetBeans IDE^ innovative features 
like hot deploymenl of server-side components, and 
free tools like Ant, XDoclet, and JUnit, developers can 
he productive with J2EE right now* 

With .Net [he same age-old concerns remain: I 
don't want to be tied to Windows as an operating 


system, and I fear the associated risks in doing so. 
Microsofi has a poor track record in security, uptime, 
and stability wJieii compared to Unix, In comparison, 
Java's seven years in existence, combined with Unix's 
decades-long ev{)liiii<m, make the Java/Unix 
combination potent where it counts: miss ion-critical 
production sites. Furthermore, I remain .skeptical of 
Microsoft’s new apparent openness toward tcchnoh>gy 
standards. Has the leopard changed its spots? I don’t 
believe it has. 

On the Other Hand... 

So wJiich is better? .Net or J2HH? While it's an 
obvious question to ask, it’s the wrong question. The 
more relevant t|uesLion is: What problems are better 
solved with .Net? For starters, .Net shines in its strong 
XML Web services support. 

Furthermore, Micro.soft will likely continue as one 
oftlie first vendors to implement the latest Web service 
standards, given its leadership role in these standards' 
development* .Net also shines in productivity. 
A.SP.NeF*s familiar event-driven pnjgramming model 
[uakes programming the Web dramatically easier than 
anything I've seen before. 

Whai ahoui seeuriiy and stai)ility? Microsoft's track 
record in these areas is stLspect, Uut much has 
changed. Dust October 2001, Microsoft announced a 
massive security initiative to protect customer systems 
from Internet-based threats. W'e’ll see wJiether 
MicTo.soft's efforts suffice, but based on my 
conversations with Microsoft people, Microsoft 
appears more serious about security than ever. In the 
area of stability, Microsoft efforts have paid off, 
reaching 99*999-pc^rcent reliability with Window*s 2003* 

Summary 

So then, should a development shop already 
committed to either J2EE or Micrexsoft-based 
technologies switch? And if so, what would that 
involve? 

I don't think that either side should *switch. .Net 
represents a strong effort by Microsoft to put together 
a cohesive server-side platform for its clients. J2EE is 
already there. Wlio will reskill an entire development 
organization to .switch? Do compelling reasons exist to 
switch from .Net to J2HK or J2KF to .Net? Absolutely 
noil If your development organization already excels 
at Java development on multiple platforms, then .Net 
is not for you. Likewise, if your organization ha*s 
invested heavily in ASF, COM/DCOM, and Windows, 
then moving to J2EE makes no sense either* 

In Part 2, well dive into the code behind a 
business example—Joe's Cold Beer and Steak House, 

Vill 
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MAC OS X PROGRAMMING SECRETS • by Scott Knaster 


ADHOC/MacHack: 

I Love the Nightlife 


In ilii.s inonih’s column, HI 
descii[>e my visit to ADHOC/Macl kick 
19, wliich took place July 21-24, 2004. 
Wrapped inside is some actual 
technical content, a nifty iPod project 
that isn't nearly as cool as Tim 
Monroe’s pro^nim-yourdPod article a 
few issues ago, hut that has the 
advantage of being aaually real. 

Day 0 

It's Time To Start 

AUHOC l>egins on Thui-sckiy, but it’s 
Ideally Wednesday, and.„wcll, I'll just let 
Uiis exchange from the conference FAQ 
explain: 

Q: When should 1 be there? 

A; The best time to arrive is 
sometime on Wednesday 
before the conference begins. 
The conference begins at 
midnight, Ihursday, wliich is 
really just a minute after 11:59 
PM Wednesday. Don’t get 
confused and tliink that you 
can arrive on lliurstlay. If you 
arrive on Thursday, you’ve 
already missed the keynote. 


So I got on a plane on Wednesday, in time to arrive and 
waU:h the keynolt! as Thursday Ix^gan. My flight from S:;in 
Jose to Chicago was late, of course, which managed to ciil 
Li]:> my layover time at O’Hare almost jierfealy. Due to a 
quirk in the universe, I was able to trade little-used frequent 
Oier inile,s for a seal in [im class, wiiidi meani more .service, 
a bigger seat, and, I’m pmtty sure, a higher quality of air 
freshener. 

1 arrived in Del roil jusi late enough to have missed 
my chance to attend a baseball game, and headed to die 
gioriotis Holiday Inn Fairlane in Dearborn, home of 
ADHOC/MacHuck. 

< hrtp://vwvw.ad hocconf.com/index.html> 

Day 1 

Night Fever 

1 eheeked in at the liolel, leaving my cafjle-and- 
battery-laden bag in my room. I registered for tlie 
conference and happily greeted beloved organizers 
Carol Lynn and Maiiriia Ploiiff. Then 1 headed to the 
ballroom for the first event of die conference: die 
midnight keynote (plus pizza — there’s a lot of junky-hut- 
ftm eating ai this conference). 

This year’s speaker was the famous t^avid Pogue, star 
of books, the New York Times, and many a Macworld 
back page. The keynote was a.stensil:>ly a flout coo\ Mac 
lips and tricks, or something like that, but no MacHaek 
keynote ever stays on track for long. You see, we nerds 
have no social graces, .so as soon as the speaker begins, 
we start to “inieracD with him - not by heckling, cxaetly, 
l:>ut by adding our owai comments, stories, and questions. 
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I f you're a Mac programmer, you've attended your share of computer 
conferences, such as Macworld Expo, Java One, and Apple 
WWDC. But unless you've been there, you've never experienced 
anything like ADHOC, the Advanced Developers Hands On Conference, 
formerly and still occasionally known as MacHack. ADHOC starts at 
midnight and takes place in the tourist mecca of Dearborn, Michigan, 
and those facts give you a good start toward understanding just how 
strange and wonderful ADHOC is. 


David said he was nervous, because he fell he was 
less technical than everybody in ilie audience, which 
he probably was. He thou^hi lie would have nutlhng 
lo leach us, but he was waong. Hven when he revealed 
a tip that most incmljcrs of the group already knew^ 
about - in one case, somebody knew alioui a up 
bet:ause he was the programmer who had actually 
written the code for it - David stayed spontaneous and 
hilarious, and the crowd a[J|)recialed it. David dealt 
superbly with the ADHOC style of interactivity, 
listening to all comments and responding lo them, 
even when they required him to change the ever- 
anihling course of his talk. 

At one point in the talk, some of us nerds clecided 
we weren't multitasking enough, so we started 
interatling with David electronically, A couple of folks 
used iChat's Rendezvous feature to send notes to David 
w'hile he was talking. I started fiddUng witli my 
Hluerooth-enabled pheme and managed to bluejack 
David during his speech. He took it all in good humor, 
along with all the other geeky antics. 

David con dueled after touring through a bunch of 
Mac OS X Lips, kns of editorial comments, about a 
million jokes, and even a few of his well-known parody 
songs, including “Don’t Cry For Me, Cupertino" and “7'he 
Girl I Met by E-mail“. ADHOC keynotes go on for hours, 
and David finished up at an impressive 5:40 AM. David’s 
presentation was wemderfui, and enjoyed by all the 
geekxS in aLLendan<:e. 

<http://www.davidpogue.com/sonQs.html> 


One of ADHOC's oft-repeated mottos is “Sleep is for 
the u^eek ancl sickly”, but 1 prefer a little preventative rest 
to avoid Ix^-oming week and sickly. So after hanging oui 
post-keynt)le until about 4^30, 1 headed off to bed. 

Day 2 

We Belong To The Night 

One of the Holiday fnn Fairlane's finesi and niosi 
important features is the superthick blackout curtains 
in the rooms, which prevent any trace of sunlight 
entering iu disturb sleep. Taking advantage of these 
wonderful curtains, wiiich w^ere probably installed 
specifically for our little conference, 1 slept until the 
sLill-early lime of 10:30, when I had to prepare for ihe 
ADI IOC session I was pre.senting on wa iting books at 
11:00, I was told that t would have few attendees at 
thai early liour, but that more folks w^ould trickle in as 
we approached noon (nobody w'ants to sleep through 
a meal). So, in the spirit of the conference, I decided 
to present the session backwards, beginning with Q 8c 
A, then the summary and miscellaneous info, and the 
important stuff at the end. This worked out OK - 
cveryl>ody understood and appreciated my meager 
attempt at adding entertainment value. 

After lunch, I starred to think about w'orking on 
my hack f^rojeci. In previous MacHacks, the ,soul of 
the conference was the attendee hack projects. People 
at the conference were encouraged to cook up some 
weird and fun programming project while they w'ere 
there - something they probably wouldn't find time to 
work on while back at home In the real w^orld. On the 
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third night, attendees would get a chance to show off 
their work in a marathon hack show, featuring 
MacHack-style interactivity. The final night featured 
the awards banquet, at which contest honcho Scott 
l3oyd bestowed weird and appropriate prizes on alt 
participants - last year I got a bag of rocks. 

<http://wvvw.hax,conri/Ma cH ack/H ac kContGst.htmb 

For a variety of reasons, the final hack contest took 
place in 2003. This yearns conference featured a 
reasonable facsimile called the AE)HOC Labs Showcase. 
Although the name, details, and traditions changed, the 
important bits - attendees hacking, showing off their 
work, and receiving awards ^ were pretty much the 
same. Kveryone at ADHOC is encouraged to create a 
hack, even the non-programmers, For example, Mac 
maven Adam Engst hacks the hotel itself by hiding 
(sometimes in plain sight) a four-foot wooden stake 
somewhere, which slays in the hotel until he can 
retrieve it the following year. 

As a professional explainer, T’m not really a 
programmer, and T had never attempted a hack in my 3 
previous MacHacks, Thi.s year was going to be differentr 1 
wanted to hack the iPod. 

Although some hack purists insist on waiting until 
Friday afternoon (that is, the last minute) to start working 
on their hacks, 1 was much more cautious, 1 wimpily 
started on my project with more than a day to spare. 

Every iPod Lliat lias the Notes application includes 
a liule-known feature called ^museum mode*'. With 
judicious use of museum mode, you can actually 
prevent users from getting to the standard iPod 
commands, and replace them entirely with your own 
custom user interface. Of course, there*s a catch: your 
new LII can only take advantage of tlic iPod^s notes 
features. Even with this [imitation, you can do a lot. 
Notes can display text (of course), link to other notes, 
and even play music. 

The trick to stealing the iPod*s user interlace is to 
create a note with the following text: 

<meta naiiie=*'NotesCnly” coTitent^"trije''> 

If you save this file with the name Preferences (or 
Prefcrences.Lxi) and put it into the root of the Notes 
fcjlder on the iPod* then reboot the iPod, it will no 
longer display the familiar commands t)f the main 
menu. Instead, the iPod will only show the names of 
other files and folders in the Notes folder. Score! 

My plan was to use museum mode to cx>nsmK:t a 
faked-up “Super iPod“ with all the features that have 
been rumored for the iPod over the past few years. Of 


course, these “c^>mmands” would actually be notes. 
On some of them, 1 would create dummy interfaces for 
the “features". What 1 lacked in technical virtuosity, I 
would have to make up in comedic value, a standard 
MacHack technique. 

Furthering The Hack 

To make my iPod notes hack, 1 first crreaied the 
Preferences file. In addition to the <mcta name> tag 
sliown above, I added anotlier tag; 

Ctrltle^Super iPodC/titl^> 

This title tag lets you replace the text that normally 
appears at the top of the screen with whatever you want. 
Adding this lag to the Preferences note made sure that 1 
would see “Super iPod*’ at the top of the screen when the 
iPod started up, which would enhance the illasion. 

Next, I wanted to figure out which fantastic items my 
main menu screen would contain. After a judicious review 
of the best iPod aimors, I came up with these choices: 

Music > 

Pictures > 

Telephone > 

Video > 

To simulate these Super iPod features, 1 created a 
folder in the Notes folder with the name of each feature. 
You’ll note a very imporuint hidden feature of these 
commands: tlieyVe listed in alphabetical order. The Notes 
application always displays files and folders in 
alphabetical order, a fact 1 had to keep in mind when I 
picked die names of my super-features. I had hoped to 
use another esoteric notes feature, the main.linx file, to 
list features in whatever order I wanted. But 
unfortunately, when T created the main.linx file, I 
discovered that Notes didn't display the right-arrow after 
the names of the folders .such as Music and Pictures, 
which destroyed the illusion that those were iPod 
commands. So I had to abandon the main.linx technique 
and avoid other “features" (such as Backlight or Settings) 
that would appear out of their natural order. 

Now it was time for die social engineering part of my 
hack. What should happen when 1 delved into the Super 
iPod feature.s? T wanted die Music command to actually 
play music, because that's what an iPod does (and it's 
one of the things you can do from Notes). The menu I 
built inside the Music cfimmand looked like tliis: 

Albums 
Artists 
Composers 
Playlists 
Shuffle Songs 
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These weren't in proper iPod (irder^ bin I hgured it 
w'as close enough for iheir cjuick appcanince during the 
demo, For the last item. Shuffle Play, J used another Notes 
trick: the Jink hie. ! created a hie cilled shuffleJink, with 
the following contents: 

<title>Shuffle Songs</title> 

<a href"‘*6ong“Invasion of the Gabber 
Robots”>Shuffle SongsC/a> 

The href tag plays the given song. Putting the tag into 
a file with the .link suffix lells Notes to siaii playing the 
song as soon as tlie user selects the note on the iPtKi. The 
title tag hides the file’s taie name and replaces it with 
anolher, in this case “Shuffle Songs", w^hich is how' we 
want it to appear in the Music menu. Tlie effect is that 
wfien the user clicks Shuffle Songs, the song will start 
playing. The oilier notes (Allnims, Artists, O>mposers, and 
Playlists) are fitst dummy files. 

Adding Features That Don’t Exist 

Now that 1 had faked music playing, it was lime to 
work on the Super iPod features. For the Pictures 
“feature", I decided to simply add a set of ftilders cliosen 
for their humor value, since I wasnT really going to try to 
di.splay images on the iPotl. I aside the Picture.s folder, 1 
added lliese folders: 


blackmail > 
Hawaii > 
kitchen rf^tnodel > 
MacHack 185? > 
not cafe for work > 
vacation 2003 > 


Because 1 wTisn't going U) open any of the fitlders, I 
simply left them empty. Hie next Team re" I worked on 
was Videt>. I added some files and folders la the Video 
folder: 

Ardussi*s greatest hits > 

1. Robot 

iMovie Store PurchaKss > 

Pooty Tang 

Star Wars EpUode ITT 
The Tncrediblee 

JJie items with the greater-than sign w'ere folders, 
and the others were files. As with the Pictures folder, 
I wasn’t going to do anything with tliese items other 
than just show^ and joke about them, with one 
exception: The Inc:redibles. All the folders and files 
were empty except for “The Incredibles"* Inside dial 
file, 1 put the following text: 

Th^ MFAA filterbot has detected the presence of 
unauthorized content. Local law enforcement 
authorities have been informed. Thank you for your 
cooperation. 

Visit Univeraal Stud I os I 


“The Incredihles" is, of course, this fall’s new release 
from PLxar. After ! finished .selling up the VkletJ folder, 1 
moved on to the Telephone “fealure". My idea lor 
Telephone was to fill the folder with names of people, 
one per note, as if ifiey were conlacLs. I pin files into the 
Telephone folder like so: 

Adam Engst 
Alaska Alrlinas 
Andrea Ammartnan 
Asa t^oriega 
David Shayer 
Jef Raskin 
Miirishall Clow 
Nevin Liber 

I intentionally listed Adam first [xxau.se he Imd tx.xn 
talking earlier in the conference alx^ut how* he’s often listed 
first in cell phone address Ixxiks and so gets more than liis 
share of accidental l-fo!gol-to-l(K:k-lhe-plione calls. By listing 
liim first, I w*ould help Adam pnwe lus ixiint - and cion 
another laugh, f hoped. 

All the contacts were simply empty files, except one: 
Jef Raskin. l‘or some reason, this year’s conference 
ineJuded a never-ending series of jokes and comments 
a[)oui jef, I decided lo add Jef U> my Super iPod and to 
actually call him tiiere on stage wlien I was demonstrating 
my hack! Well, apparently. 

What I really wanted, of c'ourse, was to display Jef.s 
cuntacl info, including [ilione numl)ens. Tlien, I would click 
a phone numluT, and the iPcxl would "dial". At tliat |x>int, I 
w^ould sity something like ‘ Well, ifs late, and we really don’t 
want to lx)tJier liim right now", and I would press Menu to 
“hang up" tlie “phone". To dial convincingly, I w^anted the 
iPexJ to play a series of rvrMF tones. Asking Mr. Google for 
helj>, I quickly found a site that would turn any .string of digiLs 
into the cx>rresponding DITVII’ tones. I added the tone-soiig 
to my iTunes library-, them moved it to the il^od. I then created 
Jef Raskin’s cxmlact note, like this: 

Jef Raskin 

1313 Mockingbird Lane 
Palo Alto, CA 94030 

home: <£i hreC=’*£icng^raakin‘’>65{>-555'8?36</a> 
work? <a hre£=”sone=^raskin“>650 ‘ 555-2947</a> 
iDoblie: <a href='*son3“raskin">415’555'7799</a> 

Notes 

Liken fondue, old tnovlea, and formal arguments. 

A,s ycni can see, I wired up all three (hike) phone 
numbers to die DTMF file. When 1 selected any of the 
phone numbers, the tones would play, just as if the iPod 
were making a phone call. My Super iPod was ready. 1 
W'as even luc:ky enough to bcjrrow a branch new 4G iP<Kl 
for the demo from David Shayer, wlio also hel[X^d me get 
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the hack up and running. 

With iny hack all set to go, I could enjoy ilic second 
nighi's keynote speccli by Sieve Haynian, an Apple 
engineer who works in Toronto, Sieve’s speech was fast- 
paced and funny, anti filled with great hacks. Steve’s he.sl 
trick was using Apple Rernole Desku>j> and a bit of script 
to make a line of Fow^erMac Cj4 l3esktop.s in the next 
room repeatedly open and close their DVD trays. Sieve 
and his able as,si,stant Dar^^l Hawses even rigged an ISiglit 
cameni and iChat ro verify^ the remote tray antics. After 
Steve’s session and the requisite hanging around and 
munching cold pizza, 1 turned in about 5:45 AM, 
Tomonow was anotlier day — well, actually it was the 
same day: Friday, 

Day 3 

What Day Is It? Can You Please 
Tell Me? What Day Is It? I’m 
Confused, You See... 

Friday dawned bright and clear, i)rcjbably. But I wasn’t 
tliere to see it. I sluiOled tC3 my feet just Ix^tbre nexan and 
headed down to, er, lunch. Willi my hack in the Irag, I 
devoted Friday to .stx;ializing, attending sessions, and the 
ineviuible road trip to Zingennan’s, tlie incredible deli in Ann 
Arbor alx>ut 30 miles away. Zingerman's is a 
MacHack/ADHOC tradition. Long live |:x)tato knLshes! 

<http://www.zingermans.com> 

As the hack showc:ase approached, I mentally went 
over my presentation. I cunctxied a story in which I 
claimed I found a strange iPod in the bushes at Apple 
after parking my ear for a neari>y restaurant. I started 
playing with the strange iPod. and...behold! Super Q^od! 

About 5 minutes before the show was supposed to 
.start, I .siitkleniy had an idea for something new to add. 1 
had planned on “dialing’' Jef Raskin and then hailing out 
of the "‘call”. But I had a Belkin Voice Recorder for niy 
iPod. I could use it to re<xird 'Jefs” answering machine, 
then play the recording after the DTMF tones. I ran out of 
the ballroom and found a quiet corner where I recorded 
the message (gol it in one take). 1 had just enough lime 
lo change JcPs contact file so that the secorfd phone 
numl^er wa.s connectetl to the “answering machine 
message”. All T had ro do was select and press the second 
link - it would happen loo fast for anyone to notice, 

I got to demo Super iPod a little while later, and it 
went pretty^ well, although projecting the iPcjd’s screen 
proved lo be a challenge. Of course, the highlight was the 
fake answering machine, which proves an okl adage 
about demos: the test part is the part you added rigiit 
befoix^ the demo, 

'Fhe show feamred lots of great demos, as always, 
and 1 got to bed at the iinu.3ually early (for ADHOC) hour 
of 3:15 AM, 


Day 4 

‘Round Here We Stay Up Very, 
Very, Very, Very Late 

Saturday is always the la.st day of the conference. 
There are fewer .sessions to attend, so there's more 
catching up with okl friends and general socializing. 
The day is capped by the awards banquet, with 
everyone anticipating both their own prize and the 
overall w'inner. I received die “ADHOC Prize in 
Women's Sludic.s”, ap[xirently because in my session 
on writing htxjks I jokingly claimed that being a 
technical hook writer w'cnild help you gel a dale - he 
careful whaL you .say al this conference. The actual 
w'inner was Jorg Brown for his wonderful 
Unsiimmarize, a Mac OS X service that lakes a iheme 
.senience <jr iwo and expands upon it, exactly the 
reverse of Summarize, which you'll find in your 
Services menu right now (it’s in the Application menu). 
Tn the great spirit of ADHCDC, Jt>rg was inspired by a 
comment David Pogue made during his keynote, 
wishing for a program just like Llnsummarize, and jorg 
put it together in less than ^i8 liours. 

After the bantiuel, in another great ADI IOC tradition, 
we all went to a nearby theatre to make fun of a new 
movie, Thj.s year's targel wa.s ‘T, R(3bot”, anti it certainly 
[xoved w'orthy. And after the movie, the attendees were 
treated to a lively movie discussion by Keith StartenfiekL 
star of "Keith F.xplainsI”, this year for the first time 
parik'ipaiing via iChal video conference. And then it was 
morning again, and time to go to sleep. 

<http://www.keithGxptains.com> 

Day 5 

Steal My Body Home! 

Stinday moniiiig features hleary-eyed attendees catching 
cal>s and shuttles ancl returning to their regular lives. As I 
sHilepped my bags to the taxi, 1 UX3k a last kx>k at the 
majestic lobby of the Holiday Inn F'airlane, It was another 
great time at MacHack, even rhough it’s now t:aned ADFIOC. 
1 knew I would give (alnxxst) anything to be back next year 
at tliis most uniquely geeky conference. 

Plus, on the wuy to the airptirt, T saw the World's Biggest Tire. 

i\\\ 



Abauf The Author 

S(oit Knosler writes books, iododing the recently 
pul^shed Mac Toys and tlie 6ram/-flew Hacking 
iPod and iTuiies, both from Vliky Scoff 

Hin'f read and llrjfon fo ncai music of the some 
' fune. Scoff wrifes these little bios in the third 
person. Wiite to Scoff of stettki§ma(tedi.com. 
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Active Directory 

& 

Mac os X 


Fitting in, not standing out. 


Ancient History 

Many in the Mac IT conuniinity wOl recall the Windows 
revolulion and its iin[>ad on Apple's place in the tnarkef. Microsoft 
ix^gan lieavily proiiKiting NT, selling iLs centralized managemeni 
nipabilities (which apjx^aled to the rapidly professionalizing held of 
desktop TV management) as well as Apple's seeoiingly delayed 
rcadion. You could make a case tliat Apple's stnueg^^ in this area 
was uasuccessft]l and may have hid scjme degree of negative 
impact on its overall market share. In 1993 when Windows NT 3 
was intixxluced Apple enjoyed a nearly IM market sliare. By 1997, 
1 year after N*r4's intrcxJuction, Afijile's market slwe had declined 
to aiound 4.4 %, and Microsoft had made great inroads, particularly 
in the server S|race, into stjme erf Apple's core markcLs. Ratlier than 
enilaracing and fitting into tlie infrastnictnres tliat its customers hid 
chosen, Apple conrinueci to employee strategies that liave not ix^en 
proven successful in tfie enterprise marketplace. 

History Reloaded 

In 2(X)3, Active IMreaory (Micrcxsofl'^s Directory Services 
produa) was in much tlie same position tliat Windows NT was in 


By Michael Bartosh 


the late 1990's. In its second revision (as a part cT die Windows 2(XJ3 
server product; die first was included witli Windows 2000) Active 
Diiectory liad achieved a deep level of penctnition into several of 
Apple's core markets. Once again, Apple had a decision to make— 
embrace tlie idea of heterogeneous multi-vendor networks driven 
l)y ad-hoc market standards, or retreat to its less siicciessful roots. 
Luckily in 10.3 Ap[>ie seems to liave at least tentatively chasen die 
former patli, engineering into the Mac OS X specific capabilitie.s for 
integnttion witli Active Direttory. This is a new and fx)id step 
forward for Ap[)le, and somediing tliat goes a long way towards 
bring legitimacy to Apple in enterprise and iastitutional markets. 

The Active Directory Plug-in: 

Features 

Active Directory Integration Is nothing new to Mac OS X— 
previous to Panther a certain level of interoperability was feasible, 
Feasible, however implies neither seaire nor straightforward, to say 
noifiing of the simplicity Mac: users are ac:cu.stomed to. The pix)blem 
widi pre-i03 configurations is tliat they were tedious, complex, and 
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rektivdy insecun;. There was no standardized or cxiasistent 
integration procedure, and the result was typically a mess of hacks, 
work-aioiinds and duct tape. Additionally, really complete solutions 
tended towards intrusivcness, often requiring extensive changes to 
tlte Active Directory. 

Panther's Active Directory Plug-in provides a simpler and more 
full-fealurcd platform for direaory services configuration. It supports 
a number of line-item futures (which rll cover) but its single nK>st 
important feture is not a line item ai all, but a basic architectiiial 
principal. It seeks to emulate a Windows client as niucli as possible. 
Its communication with the Windows domain is nearly 
indistinguishable from its Micrcjsoft-bred counterparts. Its goal is to 
integrate as seamlessly as fcasii)lc into tlie inlTastnictLire that many 
of Apple's customers liave chosen, requiring no infm.siruc:tute 
changes and little massaging or special treatment. Beyond diat 
strategic goal, iLs spedfic features are many* 

* Single Sign On: llie Active Directory plug-in leverages tlie 
extensive client-side work Apple Itas pursed in order to 


We mean 


effectively make use of the Kerberos aothenticadon protcx-ol. 
Kerberos is Active dire<lt>ry'\s native authentication platform, 
and effective Active Directory integration demands a mature 
Kerberos environment. When a User logs into Mac OS X using 
an Active Diiectory acxx)unt itK^y are granted a TGT (ticket 
granting ticket) wliich ultimately allows them to access 
Kerberized services— including Exchange's Ouilcx^k Web 
Access— without having to aulfienLicatc again. 

• Windows Home Directories: In its default configuration, die 
Active Directory Plug-in obtains the kxration of tlie User’s home 
direaory (in die liomcDireaory attribute of die User’s Active 
Direaory account) and puts it into die User’s Dfxrk so that it is 
easily accessible. It can also be configured, however (as covered 
later in this anide) to use die SMB-mounted Windows home 
sliaie as a Mac OS X network home direaory. 

• Password Poky EnforL'emenC In Jaguar password policies set in 
Active Direaory were not eflktively enforced Although the 
situation isn’t peiiea in Panther, users are allowed to change 
expired passwords on log-in, and password changing is 
effectively integrated into the user esq^erience, allowing users to 
change their Active Direaory password widi eidicr die passwd 


command line utility or the Accounts pane of the System 
Preferences application. 

• Multiple domain authentication: Active Direaory is capable of 
scaling to very large deployments. These large dcpIoymcnLs 
often form forests made up of multiple domains. Apple’s Aaive 
Direaory plug-in optionally allow's for users from any domain 
in a foirest (even domains in a different namespace^— for 
instance a domain called pandicrservcr.oig in a forest c'alled 
apple.com) to log into die Mac in question. 

• Active Direaory (jniup Support: Active Direaory keeps track of 
groups in a way dial is very different ftoiii Mac OS X (and most 
odier Unix-based Openiting Systems). This made it very diffttull 
in Jaguar to leverage the exteasive group management 
capabilities of Active Direaory* Panther’s Active Direaory Plug¬ 
in is designed specifically to interpret Active Directory group 
data, manipulating it in a way ihai makes it useful to Mac OS X. 


it this time. 


* Delegated Administration: Active Diieaory largely ofKtates on 
the principal of delegaicxl adminisration— granting certain 
administrative privileges in a granular fashion to iLsen; who are 
not domain administrators (tiseis, for instance, are often 
delegated the authority to add ilieir workstations to the 
domain). Tlic Active Directory Plug-in is friendly to this a>ncepi, 
optionally allowing one or more Active Directcjry grrxips to 
administer the Mac OS X workstation. Administrative capabilities 
can additionally lx? granted to specific users (rather than groups) 
die same way they would be on the Windows platform, by 
setting the Managed By attribute in die Windows Active 
Directory Uscts and Computers applkticion. 

• Disconnea Behavior: Panther displays far l>etter disconnect 
behavior when domain resources are no! available, in Jaguar 
the user experience as Open Directory (Apple’.s Directory' 
Services infrascnicture) .struggled to re-cormeci to missing 
direclory domains was painful to say the least, with difficult 
timeouts that left the client useful for extended periods of 
time. 'Ibis has improved in Pandier to die extent diat Active 
Directory usct accounts can even be cached locally, so that 
the user is able to log in even if the domain Is not available. 
When the domain is available pas.sword ixilicics (such as 
expiry) are enforced. 
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• Uniqucll) GenmiiDn; One tjf ihe Inggesr rhullenges of 
integrating any Unix operating system wiili Active Directoiy^ Ls 
the link|iieID. TliLs integer (sometiii'ies ciilleci uicl) is used io 
uniquely klentify Unix acciHints. Active Directory' siippt>its 
several unique icktitifiers (among tltem guids and sids) hni they 
aie 128 bit Itex identitlers. Ihis resolts in quite a bit of difficulty 
during inic'gniiion, since a user acrmimt without a LiniquelD 
Isn't really a user acetrunt as far as Mac OS X is ctmcerncxl. The 
Acnive Directory Fliig-in works around diLs issue, generating an 
integer UniciuelD From the 128 bit hex guid. IHs conversion 
(done aaxjiding to Microsoft's specilkalion at t)lah) pnoduces 
an integer IfnictuelD that Ls IxXh consistent tliniughoul tlic 
domain and Uniciue among all user acxounts, 'fhe only real 
downside to tJiis (iroccfcs Is dial die converted UniquelD's are 
very large, and not all Applications deal widi them coneclly. 

* Domain coniroUer prcferencx^; When the Active Directory 
Flug-in joins a domain it attempts lu locate the nearest 
domain controller using site policy publislied to DNS. 
Unfonunalely site polity is not always c’onflgured correclly, 
so the Aaive Direaory Plug-in alkms yt>u to s]x:ciF>’ a 
preferred domain controller. 

Configuring the AD Plug-in 

The Active Diretiory Pkigdn, like most other end-user 
configurable C)[K*n Directory Plug-in’s, is itmfiguretl vising the 
Directory* Acx'ess application, which Ls ItJtulcxl in an out of lx>x Mat' 
OS X install in /Applicutions/lftilities. (xmfiguring Active Diieaoiy 
integration is as siiiifjle lls starting Direttory Acmss, c litxising its 
Adive Directory' l^lug-in, and clicking t>n die configua* button, as 
set»n in Figure 1. 
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Figure K The Directory Access application. 

Configuring the Aaive Directory Plog-in results in die dialog 
seen in Figure 2, It is, in its basic fomi, extremely straightforward, 
prompting for a domain and forest to jt>in, along with an ID For 


the conipuier In die case of Mac OS X clienis diis computer ID 
should reflect loc'al ruiming ainventions and policies (machines 
are often named setjuenlblly^ or Ixised on their user or physical 
location). Server jt>iiiing Active Directory shinild use the 
unqualified portion of their hostname, I Iomc^,pantherservcT,oTg, 
for insliince, would have a computer ID of homes (this allows for 
easier single-sign on interojXTaiiilily Ixlw'een the server an the 
Active Directory Keriieros environment). 


Active Oircctorv Forest; ads.4am'-medk»-com 

1 

Active DIrectorv Domain ^ads.4am-,mediA.com 

1 

CompuLci^ iD: m-h02 






Cancel 

3 C. OK J> 


Figure 2. The Active Directory Plug-in's 
l>asic configuration dialog. 


0|Xionally, clicking on die Show Advanced Opdons triangle 
reveals die interlacx* [liaiued in Figure J. TtiLs Ls wliere most (but 
not all) of die Famirt^ iLstcxI earlicT in this article are implemented 


F^ Hid* Advanced -- 

[2 Cache laii uier logon for ofriinc operation 
^AuthenUc4tt In mulikplt dOhi»jiiii 

n Prefer thit domain ferver >erv«i.domj^n.com 
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_ Map UfD to attribute. 

Thii Mirtbui* wiM bi lilt'd ai ih* UAtqn* ID 

C Allow admini ration by. Dofnain Adtnin^.Ente rpr Is e Admins, 

crner group Mm*» stpir^ttd l>y commai. All 
mrmiiNin theie protiiit wiH iw* *aiwtfiiKr>Wir 
pnviieati thi» compunr. 

( Catfccel ) ( OK ) 


Figure 3, The Active Directory Plug-in's advanced 
configuration dialog. 

Options Ifom this interlace (along with other interesting bits of data) 
are .stored in the Active Directory Plug-in's configuration file 
(/Ijbrary/Preferences/'DireaoryServictVAaivel )ifectofy'.plLst) which 
Ls discxissed in tmiiv depdi later in diLs article. 

Wlien the desired options liave Ixen sixxificd, you may selcxt 
the Rind bunon. 'lids results in an authentication dialog, pictured in 
Figure 4. This dialog accepts a cxintainer or otganizational unil in 
Active Directory along widi credentials a-quirecl to add a computer 
accxsiint to ir. lliis is an important concepi— the graphical interface 
em>net>usly implies that tXirruiin Administrator credentials are 
required to add die Mac to die Active Diieciory Dormin. in reality, 
all you need to supply are the credeniiais of a user able to add 
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computer accounts to the specified container or ou. As mentioned 
earlier this is a comnioniy delegated task, often left to users or low- 
level IT staft'. 



Figure 4. Joining Active Directory requites that the specified 
credentials be able to add computer accounts to tiie indicaited 
organizational unit or container. 


Troubleshooting 

Other than a thorough understanding of Active Direaory, Open 
Directory, and directory services in general the two most impoitant 
tools for troubleshcx^ting Active Dinectc^ry integration issues are 
network sniffers (like tcixlump and ethereal) and tlie Directory 
Service daemon's debug mode. 

tcpdump is Installed on Mac OS X (and most otlier Unix 
operating systems) so I mast commonly use it to initially gatlier data, 
later examiimig tliat data using a graphical tool like ethereal 
Kerberos data in particular looks largely lilce a bunch of hex over the 
wire, and etheieal can be a great help translating tliis data into 
sometliing tliat’s human readable. 

ittab$ sudo tcpdump -w join*dump -i enl port domain 
or port 3268 or port kerberos or port kpasswd or port Idap 

Comment 

Tlie work of ilie Active Directory piug-in is actually executed 
by the DiiectoryService daemon, which produces very good logging 
data, particularly in the case of Active Direciory interoperability. To 
turn debug logging in, you need to send tlie USRl signal to the 
DirectoryService process. 'lliis begins logging to 
/IJbraryAogs/DirettoryService.debug.log. Active directory mctisages 
are prepended with tlie string ADPlugin:, so tlie log itself (which is 
very verbose) is easy to filter. 

xsgS:" tadmin? sudo killall -USRl DirectoryService 
ta<linln$ tall -f 

/Library/Logs/DirectoryService/DirectoryService.debug.log | 
grep ADPlugin 

2004-10 U 01:38:17 PDT - ADPlugin: Calling GustomCall 
2004-10-14 01:38:17 PDT • ADPlugin: Doing 

CheckServerRecords...,.. 

2004-10-14 01:38:17 PDT - ADPlugin: Good 

credentiala for jclncr@ADS.4AH-MEDIA.COM 

2004-10-14 01:33:17 PDT - ADPlugin: No connection 

in connection mgr for joiner® ADS,4AM-MEDlA.C0M#ada,4ain- 
media.com:3S9 

2004-10-14 01:33:18 PDT - ADPlugin: Secure BIND 

Session with server w2k*ads*4arn media.com:389 
2004-10-14 01:38:18 PDT - ADPlugin: Processing Site 

Search with found IP 

2004-10-14 01:38:19 PDT - ADPlugin: Added 

connection to connection mgr joinerMDS.4AM- 


MEDIA,C0M@ads.4am-media.com:389 

2004-10-14 01:38:19 PDT - ADPlugin: Found Default 

Domain ads.4ara-media.com 


Turning on debug logging in the DirectoryService daemon* 
'The debug log is easy to filter with grep. 

DirectoryService debug logging remains enabled until the 
daemon is re-started or until it receives another USRl signal 
Sending a USR2 signal enables API logging, which logs every 
Open Directory API call to the system log (/var/log/system.log). 
USR2 logging Ls heavy-weight, and will automatically turn off 
after 5 minutes. 


The User Experience 

In its default configuration, users from Active Directory are 
allowed to log in to Mac OS X using several forms of their user 
name (in order to be as compatible as feasible with tlie Windows 
user experience.) John Doe for, for instance might be able to log in 
as jdoe, John Doe, jdoe@ads.pantherserver*oig or ADSNjdoe* The 
user is given a local home location in the /Users directory and a 
Kerberos TGT (ticket granting ticket) is obtained on log-in. This 
means that users can access mcxst domain resouices— from 
kertx^rized file servers to Outlook Web Access (using Safari) witliout 
re-authenticating. In the diem flavor of Mac OS X (Mac OS X 
Servers behavior differs) the usefs SMB home directory (if it is 
listed in their user record) is placed in their dock and automatically 
mounted using NTLMvl autlienticarion (die TGT is not obtained 
early enough to mount it using Kertx^^ 06 , which is far more secure). 


Advanced Configuration 


Some of the Active Directory Plug-in's most significant features 
are not available in its graphical interface. Most of these are 
available through the dsconfigad command, the AD Plug-in's 
command-line configuration interface* The Active Directory 
liomeDiiectory UNC, for instance, can be used as the Mac OS X 
home directory (rather than being mounted on the desktop) using 
die dsconfigad command's -localhome flag. 

djou:" djou$ dsconfigad localhome disable 
djou's Password: 

Settings changed successfully 
djou:^ djou$ dsconfigad -show 


You are bound to Active Directory: 

Active Directory Forest ~ ads . 4ara-tiiedia, com 
Active Directory Domain = ads * 4am-media*com 
Computer Account ” m h02 


Advanced Options 
Mount Style 


smb: 


Using dsconfigad, first to turn off the die default IcKal home 
behavior, then to examine the Plug-In's coofigumtion. Wlien 
-localhome is disabled, user home directories are mounted late 
enougli to support Kerberas authentication. 

This disabled localhome behavior has two variants, controlled 
by the mountstyle flag. A rnountstyle of SMB (the default 
configuration) interprets die UNC as an SMB URL pHst, allowing 
Mac OS X to use it as an SMB home direaory. 
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djou$ dscl /ActiveX Directory/ads. 4 am'media, com ' 
read /lisers/wlnnie homeDlrectory HomeDirectory 
homeDirectory: \W2k\homes\winnie 
HomeDirectory: <home_dirXurl>ainb: / /v2k.ads. 4ain- 
media. com/homes< / ur 1 Xpa th>winnie / < / pa thX /home_d i r> 

Coupled with the AD Piug-in’s -locaihome disable <>ption, the 
SMB mount style interprites the Active Diiectory homeDireaory 
UNC as a Mac OS X HomeDirectory (a URL plist). Notice the case 
sensitivity here— the Active Directory attribute Is called 
homeDirectory. It is used to produce die Mac OS X HomeDireaory. 

Conversely a mountstyle of AL'P inteiprets the UNC as an AFP 
URL. In general^ AFP offers a better home directriry experience than 
SMB, so tliis option has potential to improve the overall 
effectiveness of your infrastnioure. In the vast maprity of cases this 
Is less than useful, though, since Microsoft’s AFP Server is 
spc-cifically ritit up to die task of supporting Mac OS X home 
directories, lliis setting becomes advantageous in cases: when 
the home direaory server is nmning the newest version of 
ExlremeZ IP ( which features an AFP implementation that is far more 
capable than Microsoft’s) or when the home direaories are housed 
on Mac OS X Server. Fhe latter case is a new and powerfiil option, 
implying that Windows clients will mount die same (Mac OS X- 
hosted) home dirertory rising SMB diat Mac OS X clients mount 
using AFP. Ifie homeDireaory UNC in die AD User record in this 
case actually specifies a share on Mac OS X Server. Tills allows you 
to Jevemge Apple’s compelling and relatively affordable server 
solutions, even in a Windows-centric infrastructure. That this is 
fcasil)le Is a tesiamcnt to die deep level of integradon diat Mac OS 
X Server is capable of. Tlie only real down side is diat in Panther 
this does limit administrators Unix user-group-other permissions, 
radicT dian die deep set of access cxintroLs provided by die 
Windows platform. 

djou:^ djou$ dsconfigad -mountstyle afp 
djdu*s Password: 

Settings changed successfully 

djou:'^ djou$ dsci /ActiveX Directory/ads.4am-media.com - 
read /Usees/winnie HomeDirectory 
HomeDirectory: <homG_dlrXurDafp; / / w2k. ads. 4ain - 
media. com/ homes</u]:l><path>winni e /< / pathX/home_dir> 

Clanging the -mountstyle to afp indicates that the Active 
Directory homeDire*ctory attribute .should be interpreted as an AFP 
(rather dian SMB) url. 

Most otha-, giaphically available, options can also be set with 
dstxinfigad; these optkins are well documented on dsconfigad’s 
man p^ge. 

The Active Directory Plug-in: 
Architecture 

Important to the deployment of any application is a gcxid 
arcliitectural knowledge of the files, executables, data stores and 
logs that support its funoionality. 

• /Hbrary/Prefeicmccs/DircxtoryScrvice/ActiveDireaciry.piist: Tlie 
configuration file for the Aaive Direaory Flug-in, Options (set 
both graphically and using dsconfigad) are stored here, in 
addition to mappings txitween Active Direaory and Open 
Direaory reccad types and attributes. 


• /Li b rary/Preferences/Di rectory Servic:e/ Sea rch N( )deCon fig. p I ist: 
Tlie file diat stores die Open Directory search polic'y, sficcifymg 
which direaory domains should be searched for user accounts 
and cither direc^tory data. 

• /Iibrary/Preferences/Direaory.Service/ADGroupCache.pUst: 
As of 103.4, exists only in Mac OS X Server Active Directory 
stores gmup data differently from Mac OS X and most other 
Unix operating systems. The transformation of Active 
Directory groups into something that Mac OS X understands 
is relatively heavy weight. Because of diis and Ixicause Mac 
OS X frequently likes to look up group membership Apple 
initiaUy cached a local copy of every group in the Active 
Directory, This solution did not .scale, taking up to three days 
and sometimes producing a cache file that was a hundred 
megabytes or more. In 103^4 Apple abandoned this strategy 
in Mac OS X, reasoning that dynamic lookups of group 
membership data probably could be acliieved efficiently 
enough to meet user performance expectations, meaning 
that On the client OS) the ADGroupCache is no longer used. 
The legacy behavior is preserved in Mac OS X Server since 
it needs access to a flill listing of group membership no 
matter who is logged in. The frequency of the Plug-in's 
interrogation, though, is configurable by editing the Group 
Search Interval Hours key in ActiveDirectory.plist (it has a 
default value of 12 hours). 

Data transformation 

The Aaive Directory Plug-in is interesting in that it doesn't 
just query Active Directory for data. That wouldn’t be very 
useful, since Active Directory doe not contain all the cLita that 
Mac OS X needs for valid user or gn>U[) records. In addition to 
querying Active Directory, the Flug-in performs a numiier of 
data transformations, sometimes even appending chita to the 
user records it finds. The best example of tliis is probal:>ly 
Managed Client data (MCXSettings). When the Plug-in's 
localhome flag is set to enable, a great deal of Managed client 
data is added to each user record, specifically place die user's 
Active Direaory Home Directory into their dock (and to have it 
mounted at log-in) Other examples include: 

• Authentication Authority: A user’s AuihenticationAutliority is 

the attribute that Apple uses determine how the user should 
be authenticated. Users without AudicnticaiionAuthorLtics 
can not support login-time password policies (such as 
expiry and forced changes) or password changes in the 
AccounLs pane. The AD Plug-in generates an 
AuthemicationAuthority for every user based on the 
domain's configuration, allowing for the seamless suppoit 
of Active Directory password policies. 

djou;'- djou$ dscl /ActiveX Directory/ads.4am-media.com - 
rp-ad /tisers/winnie 

Authent icatlortAutho rl tyAuthent icet ionAutho ri ty: 

1.0:Kerbei:osv5i3398lD08'027D-3843-flE3B- 

AB80FA3DAO7F: winnie@ADS. 4M-HEDlA. COM: ADS,4AM-MEDXA; 

comment 
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• HomeDirector>' and NFSHomeDirectojy: HomeDi rectory" and 
NFSHomcDireciory describe llie location of a Liser’s network 
home directory. The former is an XML plist describing how 
to create the latter, which is a iHe system path. Neither is a 
standard pan of an Active Directory user record (althougl] 
the latter can be supplied by Active directory's 
msSFUSOHomeDirectory if services for Unix are installed). As 
seen earlier, both are auiomaiic^ally generated based on the 
account’s home direaory as descril:)ed in tlieir Active 
Directory user record (using the UNC path described earlier 
in this chapter). 

• Mount Record: The mount record works in conjunction with 
the User’s HomeDirectoty and NESHomeDirectory attributes 
to help suppt^ri network home directories. Like llie user 
home directory attributes it is generated on the fly based on 
the User’s home directory UNC. 

djou:-' djou$ dscl /Active\ Directory/ads.4am-media.com - 
read /Mounts/v2k:\\/homes 
ADOomain: ads.4am-media.com 

AppleMetaNqdeLocation; /Active Directory/ ads.Cam¬ 
med la. Com Coinment: Dynatnlcfll ly generated - DO NOT 
ATTEMPT TO MODIFY 
KecordNamei w2kr/homes 
VESLiukDir: /Network/Servers/w2k/homea 
VFSOpts: net uri=smb://w2k. ads . 4am-media . com/homeE 
VFSType: url 

The AD Plug-in generates an autoinount record designed lo 
help mount nciwork home difecturies. Guest access doe not 
have to be enabled on this share point. For now, Mac OS X is 
incapable of using vinuai home shares {\\ser\"er\username) as 
user neiwork home directories, and must Iki able to kx:alc home 
directories at a f)aih l^elow a share point. 

• Kerberos Auto Configuration record: One of Mac OS X‘s 
tnore intriguing Kerberos integration feaiures is auto- 
conligumtion. Mac OS X, when it deiermines that it needs to Ise 
conligured for Kerberos, will execute the kerberosautoconfig 
command. Kert^erosauioconfig, in uirn, will search the directory 
domains that the client is aware of, looking for a Kerl^eros 
configuration record. 'I'his record is very specific to Apple's 
infrastructure, and noi typically found in non-Mac direaories. 
The Active Directory Plug-in, however, is smart enough to auro- 
generate this configuration record, allowing for easy Kerberos 
inten operability. 

Caveats 

Panther’s Active Director)^ Plug-itt is by no means jK:rfect, 
and although Apple has done a relatively good job Pd lie remiss 
if T did not menrion some of the pitfalls I ve encountered. The 
most common issues tend Lo be unrelated lo the Plug-in ilsclh 
and are more related to other capabilities in the OS. -localhome 
enahled’s use of NlTMvl authentication (which is disabled in 


security-sensitive environments), for instance, is due to the Fact 
that the OS dtx^s not obtain a TGT early enough during logdn. 
lliere's not much that the AD Plug-in can do about tliat. 
Similarly, Mac OS X may not access user home directories on 
either DFS or a clu.slcred CIFS file system. Incidentally, 
'Iriursby’s ADmitMac product, which is a commercial Open 
Directory plug-in for both NT domains and Active Direaory, is 
not sul)jecL lo these panicular litniUilions, since it uses Thursb’y 
Dave CIFS / SMB client. AcliiiitMac also overcomes a less 
common issue, w^here Computer accounts are not allowed to 
read certain user aitribuies. Tliis measure is sometimes 
implemented to protect user privacy, but since Panther’s AD 
Plug-in conneas to the domain as the computer (rather than as 
the user) this could have the effect of keeping users from being 
recognized. Admit^iac [Hills some tricks to actually connect to 
the domain as the user (rather than the computer) ensuring full 
access to at leasi some user data. Finally, note that AdmitMae 
supptjrls Packet Signing, a cryptognipiiic security feature turned 
on by default in Windows 2(X)3 server. The AD Plug-in does not. 
Neither AdmitMae nonlie AD Plug-in support ne.sted groups, a 
common management strategy in Active Directory. 

Anothei- common issue that is encountered at the basic 
integration level is the use of DNS. Mac OS X, like Windows 
clients, uses DN.S Lo ItKale domain resources during die join 
proce.ss. Tills means that Mac X clients must have die Active 
Directory DNS server listed in die Netw^ork pane of the System 
Preferences application. Another DN.S-related issue revolves 
around the common use of the .local TLD. This cotiflicts with 
Apple’s Rendezvous multicast DNS implenienUition and must be 
worked around. Apple documents one proc:edure for this in 
kbase 107HOO. Tliere are several oilier, less intrusive solutions 
but they are beyond the scope of this ariicle. 

Conclusion 

.Someone other than me said that “A willow tree bends in 
the wind and .so the brandies, ixnng sufiplc do not break." It 
takes little imagination to understand that .Microsoft is a force of 
nature right now and that competing all out against them is ill 
advised. What niatiers lo Apple’s survival is sales, and Panther’s 
Active Directory Plug-in, in making Mlic OS X more wiliow-Uke, 
makes sales a lot easier. Good solutions support— rather than 
figlii— existing IT infrasiruaures. 

Till 
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Focus Review 


By Dave Mark 


Archos AV420 


M ere is a wonderful gadget that combines the video recording 
features of your Tivo or Replay TV with the portability of a 
Game Boy. 


To start things off diis year, weVe got a wonderful 
gadget that combines the video recording features of 
your l*ivo or ReplayTV with the fK»rtability of a Game 
Boy. The Arclios AV420 is a pocket video recorder. It 
comes with a cradle that you hook up to your video 
source using either three RCA connections (red, white, 
and yellow) or two RCAs (red and white) for audio and 
an S-Video connector for higher quality video. There’s 
also an AC adapter that you1i need to plug into the wall. 
Once you are connected, plug the AV420 into tlie cradle 
and you are ready to start recording. 



Once you stop recording, the recorded video is saved into 
an MPEG-4 SP format with ADPCM stereo sound. 

The AV420 interface is easy to use- To play video, use t he 
arrow keys to iiiglilight the Video icon, then press the center 
button. You are presented with a very Window-tike direaory 
listing of all the video fries in the video directory. Scroll down 
till ycju selea a file you vrant to play, then press the center 
button. Thafs it. 



Figure 2. The front panel of the AV420, 
immediately after booting. 


Figure 1. The Ay40, in its cradle, playing video. 

In its simplest configuration, the AV420 acts like a 
VCR. Set your video source to watch what you want to 
recr)rd and Uic video signal appears on your AV420’s 
display. Press the record button and the AV42D starts 
capturing the video. The AV420 will continue to record 
until it eiifiCT runs out of hard drive space or you press 
tlie stop button. The 420 comes with a 20 GB hard drive 
which equates to about 80 hours of recorded video- 


The AV420 conies with a pair of reasonable quality ear- 
bud Jieadphones with a built in thurnl) wheel volume 
control. You can also adju,sl tlie volume by pressing the up 
and down arrows. Since I Like to share (and who df:>esn’L^), I 
use a Boosteroo headset amplifier so two of us can watch 
video at the same time. I lower the volume on the headset 
thumb wheel, then use die arrow keys to raise the volume 
till my viewing partner is happy, 1 can then use the thumb 
wheel on my headset to fine tune my volume. Hie Boosteroo 
is very cool (http://www.ExxisterQO.coni)- 
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Tf you like, you can use the AV420 to drive an external 
video device. Tlic cradJe comes with a set of 3 HCA cables 
labeled AV-out. Plug those into your TV or VCR and press the 
TV/LCD button and the video output will go to the external 
device instaid of to tlie AV420's LCD display. 

Much More Thanks Just a Video 
Recorder 

1 love the whole idea of being able to load up SO hours 
of video and taking it on the noad. We went to the beach for 
a week and recorded movies, hours and hours of tlie kids 
favorite shows, and even a couple of Sopranos episodes for 
me. But, as I discovered, there is so much more that this 
macliine can do. It has a !>uilt-in microphone so you can 
record audio on-the-go. Tlie hard drive is just as happy 
with MP3 files and photos as it is with video files. 

You can use die built in USB 2.0 port to connect the 
machine to your computer and move your photos and 
music collection back and forth. 'Hie battery life is terrific. 
I regularly got more than 3 hours of life with the LCD 
driven the entire time. And if you pop the AV420 in die 
cradle, you can watch video as you recharge the battery. 
Just like a laptop. 

The AV420 also comes with a relatively simple 
recording scheduler, so you can use the AV420 like a VCR. 
The unit cximes with an TR emitter so you can change 
channels on your satellite receiver or VCR. 

ITiere's also a built-in CompactFlash Type i slot that 
lakes your cameras CompactFlash card or an optional 
Archos adapter for SD, SM, MMC, MS and MS Pro. This 


means you can take a bunch of pictures, fill up your 
camera's card, then pop out the card and pop it into the 
AV420. The AV4220 makes it easy to copy a single file or 
all the files from your card to the AV420 hard drive. You 
c:an use the LCD screen to preview the piemres, though 
things do slow down if your picture sizes lend toward the 
multiple megabyte size. 

Price and Size 

llie Archos AV420 lists for $549, but the street price 
can run as much as $100 less. It's about 3 inches by 5 
inches and about 7/B of an inch deep. The AV420 weighs 
just under 10 ounces. It comes with a carrying case that is 
designed to protect the .screen. The carrying case features 
a Velcro closure, as well as elastic on the sides which make 
it very easy to get the unit in the case. The case does an 
excellent job protecting the AV420, but does not allow 
space for die headset. Seems to me, this is tn line with the 
iPod cases IVe seen as well. 

The Future of the iPod? 

Speaking of the iPod, as I played with the AV420, I 
ccmldn't help but .sense that T was getting a peek into the 
iPod's future. Now that we have a color iPod, can't you 
just see the il'unes store sraning to carry a variety of 
video for download to the iPod? I see this as a logical 
next step. ThaPs the future. For now, the Archos AV420 
will do quite nicely! 
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Altec Lansing AHS602 
Gaming Headset 

You may begin to notice a trend as you read. Lots of audio 
goodies in the guide this year. Yeah, sound is pretty important. 
Whether it’s for listening to music from your iPod, wired or 
wirelessly, or talking on the phone (more on those later). Or, if It’s 
hearing the game as much as seeing it on the screen. For that, 
you need the Altec Lansing AHS602 Gaming Headset. This set 
was designed from the get go to be a perfect compliment to 
your gaming experience. 


To start, they have closed ear cups, 
greatly reducing ambient noise from 
intruding on your fragging time. They are 
very comfortable, but if you wear them 
long enough, your ears will sweat, and that 
is kind of icky. 40mm neodymium drivers 
produce great sound. The SRS 3-D audio 
technology in the head set literally puts 
you in the game. You can hear the bad 
guys sneaking up on you from behind. 

A boom microphone is attached to the 
left ear cup. With it, you can talk to your 
compatriots in online games that support 
it. It is a noise rejecting mic that acts to 
reduce background noise. It works just fine 
with iChat, too. 

A multi-function controller is in line 
near the head set end of audio cords. 
Volume control, mic volume (and mute), 
and well as SRS on/off and surround 
control are all on the controller. The only 


thing wrong with it. though, is that it is 
powered by one AAA battery. With all the 
juice running through the computer, 
you’d think they couid draw on that to 
power the head set, It’s no big deal, but 
stuff like that does annoy me, 

I ran the Altec Lansing AHS602 
Gaming Headset through it's paces 
playing Halo (mmm. Halo). It sounded 
spectacular. The alien roaring at me 
from the front. Other marines shooting 
at it from behind. I could hear where 
everything was. Plus, the ambient noises 
In the game sounded gorgeous. Music 
playing through it sounded great, too, 
whether rock, or classical, I felt like I 
was standing on stage, or right in the 
middle of the orchestra pit. 

The gamer on your list will love you 
for these, but be warred, you’ll never 
hear from him again. $100. 
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KoolTools 


EarJams or In-Ear 
Headphones? 


Both the Apple In-Ear headphones, and the EarJams from 
Griffin Technology are there to do a better job of getting the 
sounds from your iPod in to your ears. Both do the job well. 
Each has it’s pluses and minuses. The one thing they both 
do quite admirably is block out outside noise at least as well 
as large cup head sets will. 



The EarJams are add on pieces that 
attach to an existing set of ear buds, while 
the In-Ear headphones are replacements, 
hence why they are pricier. The EarJams 
claim to fame is that they “massively” boost 
the bass response. Boy, do they ever. It’s like 
night and day. and no other ear bud type of 
headphones com^ close. They do this by 
snapping a resonance chamber on to the ear 
buds. This makes them bulky, and not all 
that comfortable, even in my big ears. 

The Apple offering, conversely, is quite 
comfortable, but doesn’t give you near the 
bass sound as the EarJams, although it does 
a better job than the standard ear buds. 

The In-Ear headphones come with a 
carrying box that lets you wrap the cord, 
keeping it neat, and free of knots. The 
EarJams have a carrying case which helps 
keep the cord under control, but still leaves it 
susceptible to tangling. 

Figure out which one your holiday gift 
recipient would like better. Both are great 
stocking staffers. The Griffin EarJams and 
the Apple In-Ear headphones. $20 and 
$39 respectively. 
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BlueTake i-Phono BT420 EX 


Oy, the lengthy names some of these little bitty devices have. 
Continuing the shove more sound down your ear canal theme 
we have running at the moment, 1 present to you the BlueTake 
i-Phono BT420 EX. Yet another headset. What’s the big deal? 


Well, ttie thing almost every headset 
out there has In common with every 
other headset is wires. Wires that are 
never quite long enough, that tangle and 
knot almost continuously. Not so here. 
Bluetooth is on it’s way to becoming as 
ubiquitous as USB, and peripherals are 
beginning to pop up everywhere that 
support the Bluetooth standard. The i- 
Phono is one of the first headset devices 
out there that wirelessly moves the 
music from your iPod (or any player with 
an mini-jack) into the headphones. It’s 
two pieces; a dongle that plugs into the 
mini-jack port on an iPod, or other 
device, and the head set, with which you 
listen to the music, or take a phone call. 

First, the dongle. It's not bad. A lot 
smaller than I thought it was going to be. 

It has a power switch, and a single 
pairing button, surrounded by an LED, that 
signals when it is connected (blue flash), 
and when the battery is low (red flash). It 
would be a lot better if was more similar 
in design to say the Griffin iTrip, or similar 


gadget, that sits on top of the iPod, out of 
the way, with no wire. 1 can see that wire 
being the first thing to fail. 

Next is the head set. Surprisingly, a 
lot nicer than I expected. The ear pads 
are bulky, but by necessity, since they 
hold the battery, and Bluetooth receiver. 
On the right pad is the fold away 
microphone, LED light that gives the 
same signals as the dongle, the 
talk/pairing button, and volume control 
buttons. The left pad has the power 
switch, and the recharging port. The 
head set has a behind the head band. 
Wearing it was quite comfortable, even 
for long periods of time. I didn’t feel any 
unusual discomfort from the pads 
against my ears. The higher weight 
didn’t add to the fatigue I experience 
when wearing a lighter set of similar 
headphones. These things sound 
excellent. A really good bass response, 
and full sound overall. Not tinny at all. 
The volume control is very limited, 
though. Only about five or six levels. 


No\«mber • 2004 


WWW.MACTECH.COM 











Finer, more continuous controi there 
wouid keep me from having to go to the 
iPod volume controi as much. My oniy 
other concern with them is the head 
band itself. The plastics for it are rather 
flimsy, and I was concerned that if I 
foided them closed too often, the 
somewhat thin wire running through it 
might break. 

Fortunateiy, this device is 
rechargeabie. No scrounging to replace 
batteries. I got between 4.5 and 5 hours 
of battery life with nearly continuous 
use. The head set and dongle each 
discharge at about the same rate, too. 


The kit comes with two options for 
recharging the dongle and headset. The 
y-adapter cord that lets you recharge 
both pieces simultaneously can be 
plugged into either a wall charging cable, 
or a cable to recharge off a USB bus. Very 
convenient. Other goodies in the box 
include four color disks with which to 
change the look of the head set. Green, 
orange, red, and blue. They look really 
cool, with a metallic tint to them. Also, 
besides the easy to follow instruction 
manual, are a Velcro strap, and some 
Velcro pads, with which you can better 
secure the i-Phono dongle to the iPod. 
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Belkin Digital Camera Link 


Your iPod has a ton of hard drive space in it. live got just 
about every CD I own on mine, and lim not using half of 
the available space. So, what to do with all those extra 
blocks? How about store photos. 



The system software of the iPod 
supports the storing of photos, after ail. 
The Belkin Digital Camera Link is a 
handy little device that lets you make 
use of the extra space, and built-in 
capability to store images on your iPod. 
Itis a box powered by two AA batteries, 
and plugs into the docking connector of 
the iPod. It also has a USB port to 
connect to the USB port on your digital 
camera. Use is simple. Connect the iPod 
and the camera to the Camera Link, 


then push the button it to initiate the 
transfer. The Camera Link has an LED 
that indicates what it is doing. 
Deciphering the signals is easy. Just 
check the table on the back of the 
Camera Link. Easy as that. And, it works 
with many digital camera models. Check 
Belkim's web site for a complete list of 
supported cameras. This thing is handy 
to have along on vacation. You donit 
have to worry about having enough flash 
memory cards, or hauling a laptop 
along. The Digital Camera Link is light 
weight, and nearly the same size as the 
iPod. The only thing I wish it had was a 
built-in USB cable, to match the docking 
cable integral to the box. It would save 
having to take along another wire. $80. 
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Macally BT 
Mouse Jr. 


The mini-mouse is pretty much a must for mobile users. Track 
pads just don’t cut it for regular use. But, as always, there’s the 
wire problem. Macally has a right smart solution for that. 


Any computer with either built-in 
Bluetooth, or an attached adapter can 
use this two button mouse, which also 
includes a scroll wheel/button. No 
additional drivers are needed. Once you 
pair the mouse with the computer, and 
set it up in the Bluetooth control pane, 
itis just there ready to go. It uses 2 AA 
batteries, which are included. Itis a bit 
smaller than a regular mouse, but is 
quite comfortable to use, even for 
someone with large hands. That makes 
it ideal for travel, as it takes up only a 
little space, (till fit quite nicely in a 
stocking, too. $49. 
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APPLESCRIPT ESSENTIALS • by Benjamin S. Waidie 


More Finder 
Scripting 


Manipulating Finder 
objects 

In this article, when 1 refer U) a 
Finder “item” or "objecr, please note 
that 1 am simply referring generically to 
either a file or a foiden 

Opening 

We have already seen how the 
following code can be used lo open a 
folder using the Finder, 

tell application “‘Finder'* 

set iheFolder to make new folder 
at desktop with properties 
{name: “My Folder**! 

open theFolder 
end tell 


You may also have the need to 
open a file using the Finder. To simply 
open a file, die AppleScript syntax is 
the same; 

set theFile to choose file 
tell application “Finder'* 
open theFile 
end tell 

In some cases, you may want to 
open a file using a specific application. 
For example, let's say that you have a 
Fbotoshop or fnmgeReady droplet, or 
an AppleScript dn^plet and you want 
to process one or more dropped items. 


You can do this with AppleScript in the Finder by making 
use of the using parameter along wiiii the open 
command. 

set tbeApplication to choose application as alias 
set theFile to choose file 
tell application "Finder" 

open theFile using theAppiication 
end tell 

Revealing 

If you simply want to locate and navigate to an item 
in the Finder, you can u,se the reveal cfmimand. This 
will locate the object in the Fifider^ open a new window 
if necessary, display and select the specified object. 

set LheFlle to choose file 
tell application “Finder" 
reveal theFile 
end tell 

Moving 

Moving files and folders around is another common 
task involving die Finder. To move a file or folder, use 
ihe move command, 

set theFile to choose file 

set theDestinationFoider to choose folder with 
prompt “Please select a destination folder:" 
tell application “Finder" 

move theFile to theDestlnarionFolder 
end tell 


By default, the move command will not automatically 
replace existing items in die destination location with the 
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W eVe taken a look at some basic Finder scripting, including 
creating, naming, and updating folders. This month, let’s 
expand a bit further, and begin looking at some other scriptable 
Finder functionality. 


same name. If you want to replace existing items In any 
situation, then you can simply use the replacing 
parameter to inclieate that any existing items should l>e 
replaced, if necessary. For example; 

tell flpplic.nttfin "Finder* 

move rheFtle to thoDesLlnDlionPolder tepliicing true 
end tell 

If you do not want to replace existing items, but you 
still warn to move the item to the destination folder, then 
you will need to create custom code to handle the 
situation as you see fit. For example, if you w'anted lo 
add a unique numeric suffix to the item name, and then 
move it, you cx}uld use the follow'ing cxxle: 

set iheFiie to choose file 

set theBestinationFoidei: to choose folder with prompt “Please 
select a deatiTvetlon folder;" 
tell application "Finder" 

flst rhoFnoNamc to iiante of theFlle 

set thePaihToCheek to theDestinatiauFolder & theFileMame as 
string 

if item thePathToCheck exists then 
set theSuftix to 1 
repeat 

if (item {thePathToCheck h theSuffix) exists) false 
then exit repeat 

set theSuffix Co theSuIfix + 1 
end repeat 

set nanic of IheFile to theFlleName k theSuffix 
end if 

move theFile to theDeatinationFolder 
end tell 

Duplicating 

To copy an item, you need to use the duplicaLe 
command, rather limn ihe copy command. For example: 


set ihoFlle to choose file 

set theijeatlnatlooFolder to choose toider with prompt 
"Please select a destination folder:* 
tell application "Finder" 

duplicate theFile to theDestlnationFolder 
end tail 

As of the wTiting of this artkie, the Finder diciionarv did 
indic'aCe llie presence of a copy cixinminti. However, ihLs 
amunand was not yet implemented in the Mck OS' X 
Panther {1033) Firukr. In addition, once hinctional, tlie 
copy command will lx? used Lo copy items to the diplxKird, 
rather than to copy them from one location to anoclier. 

Duplicating is similar U> moving, in that it will not 
automatically replace existing items with the same names. 
In order to replace existing items, you need to use the 
replacing parameter* 

tell application "Finder" 

duplicate theFile to thcDostlrioLlonFolder replacing true 
end tell 

Tf yon do not want to replace existing items in a 
destination folder, bill you siill w^anl lo copy an item to 
the destination folder, then you will need to create code 
to handle thb .simation. For example: 

set theFllE to choose file 

set iheDestinationFolder to choose folder with prompt 
"Please select a destination folder;" 
tell application "Finder" 

set theFiieliame to name of theFile 

set thePathToCheck to theDestlnatlonFoldor Jt theFiloNamc 
as string 

If itcm thePathToChock exists then 
sot theSuffix 10 l 

repeat 

if (item (thePathloCheck h theSuffix) exists) - false 
then exit repeat 
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Bet theSuffiJi to the Suffix + I 
end repeat 

sat name of theFile to theFileMame & theSufflx 
end if 

duplicate theFile to theDestinationFolder 
end leH 

Deleting 

To delete an item, u'ie the delete command: 

set theFile to choose file 
tell application “Finder” 
delete theFile 
end tell 

Please note that the delete command will not 
actually delete an item, leather, it will move the item to 
the trash, where ii may he retrieved until the trash has 
been emptied. If you want to fully delete a file, you will 
need to tell the Finder to empty the tnish after performing 
the deletion. For example: 

eat theFile to choose file 
tall application “Finder" 
delete theFile 
empty the trash 
end tell 

Keep in mind that by emptying ilie trash, you will be 
removing any other items residing in the trash as well. 


In addition to these common properties, files, 
folders, and disks also have additional properties 
specific to their particular class. For example, files have 
a file hype and creator type properly, whereas 
folders and disks have other properties not possessed by 
files. For exam]>le: 

set theFile to thoofle file 
tell application “Finder” 

set tbel'ileType la file type of theFile 
set theCreatorType to creator type of theFile 
end tell 

Some developers prefer to avoid scripting tlie Finder when 
possible, and resort instead to using a .scripting addition to acceScS 
certain propenies of files and folders. The Standard Additions 
scripting addition, whicli is installed witli Mac OS X, contains a 
command for just tills task - info for, Ihis command may ix; 
used to retrieve a variery of properties for files and folders, such 
us name, modification dale, size, and more. For example: 

set theFile to choose file 

set iheFileInfo it) info for tlieFilc 

set ihcNanie to name of tliel'iJeinfo 

set theModDate to modification date of theFilelnfo 

set theSize to size of iheFilelnfo 


Getting Object Into 

When working with an item in the Findei% you will 
probably warn to retrieve information about the item. 
You can do this by accessing the properties of the 
desired object. Common properties shared by liotli files, 
folders, and disks can be found under the Finder Items 
suite in the dictionaiy, 



Figure L Finder Dictionary > Finder Item Detail 


Some eummonly accessed propeities of Finder items 
include the modification date, name, and size of 
the item. For example: 

Bet theFile to choose file 
tell application “Finder" 

set theModDate to modification date of theFile 
set theName to name of theFile 
set theSize to size of theFile 
end tell 


What About System Events? 

If you have done some seripting in Mac 05A"l>efore, 
then you may be somewliat familiar with the System 
Flents background application. Hiis application allows 
you to autcxiiate various ,system related activities. 



Figure 2. The System Events Dictionafy Window 


Some of the commands in the System Events 
dictionary are very similar to commands found in the 
Finder dictionary, including the delete, move, and 
open commands. For these specific commands, System 
Events may be used instead of the Finder However, 
please note that certain parameters, which are present 
w^hen seripting tlie Finder, are not present when scripting 
System Et^enls. For example, when moving an item using 
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System HmnLK, there is n<n cxirrenUy a wiiy to specify 
whether existing items sliould be overwritten. Wlien 
using thLs command, items will never be overwritten. 

set theFlle to (cKoose file) as string 
set tbeDestlnationFoldfir to choose folder 
tell application System Events’* 

move disk Item theFlle to theOestlnatlonFoIder 
end tell 


The System Jivcmts dictionary has expanded 
.signibcantly with the last few major Mac OS X releases, 
and I expect it to continue to expand in the future. My 
guess is that more Fb^rA^r-iike functionality will continue 
to f>e built into .Vvsrem IMmrs with every majciir OS release. 
System Iwents contains much more than the few 
commands I mentic^ned above, and f encourage you to 
explore it in greater detail in order to find out more about 
what System Fjnmts has to offer. 

In Closing 

This morUlfs article should take you a little ftiitlicr 
down the road of Finder scripting. For some editable 
examples of Hrir/er scripting, ytni may want to check out 
tile examj^le Finder .scripts included with Mac OS X. 
These can be found in the Lihran^ > Scripts > Finder 
Scripts folder on your machine. In addition, Applets 
ApfdeScripl web ,sUe contains some fmr/er scripts, which 
can ix* triggered from the Finder's toolbar. For additional 
information alxiut all of lhe.se scripts, as w^ell as links tt) 
download the toolbar scripts, please visit 
http://www.apple.com/applescnpl/finderA 

Until next time, keep scripting! , _ _ 
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CONFERENCE REPORT • by Dave Mark 


WWDC, 

Steve, and Tiger 


The Keynote 

Before he opened the kimono on 
Ti^>er, Steve gave his traditional 
prodncL overview. He sliowed sotne 
nice pictures of some of the newest 
Apple stores (80 stores worldwide, a 
cocjI new 6 story .sLore in ihv midst of 
Tokyo’s Ginza district, more than 20 
million visitors a year, $250M in third 
parly product sales). 

Next came a discussion of Apple’s 
music story, including the iTunes Music 
Store (more than lOOM songs sold). 
Airport Express, and AirTunes. One 
nice thing w^as the deal Apple made 
with BMW, integraiing the iPod into Uie 
glove compartment and steering wheel 
of BMW s 3 Series, X5, X3, Z4, and 
mini-Cooper. Tire adafHer cable 
dangles from ilie middle of the glove 
compartmeni and plugs into the 
bottom of I he iPod, providing power, 
and tlie ability to control the iPod 
directly from the steering wheel. Jobs 
even brought some of BMW’s finest 
into the Mosccjne k>l>l^y so the WWDC 
crowd could play. Not sure IVe got a 
BMW in my future, but it is nice to see 
this level of integration between iPod 
and auto. I’m guessing we’ll see more 
(rfihe.se partnerships in the near future. 


Next up was the announcement that all new Fow'er 
Macs will ship with dual processors. The new G3 
machines io|) out at 2.5 GHz with a L23 GHz front-side 
bu.s and an 8X Super Drive, all starting at $1999. Sweet. 

If you were at last year's keynote, you iniglil 
remember Sieve promising a 3 GHz processor by tliis 
year’s WWDC. He did a nice job explaining why this 
didn’t happen and also showed an intefe.sting sLaiisiie to 
comf>are the G3's pvoa^ssov speed growth to that of 
Intel’s fastest. According to Steve, Intel’s fastest processor 
this time last year doc’ked in at 3^2 GHz and liieir fastest 
f>rt>cessor right now runs at 3,6 GHz. That's a real 
increase of .4 GHz and a percentage increase of 12.5%. 

The Ct5 has increased from 2.0 GHz to 2.5GHz. Thai’s 
a real increase trf’ .5 GHz and a percentage gain of 25%- 
hither way you slice it, Apple has <lone well when 
compared with the rest of the industry, 

Steve also introduced a slick new series of Cinema 
Displays. 20", 23’' and (get ready for it!) 30” models. 
Unbelieval^le, 30 inches. Terrific aluminum enclosure 
wkli a single base stand (compare to the 3 points of 
contact with the current model). 'I'wo KireWire pons, 
two USB-2 ports. 1’he bezel is much trimmer and there’s 
a single cable canning out of the display, splitting into 4 
cables on the computer end (DVt, USB, FireWire, 
Power). Nice. 

The 30” story Is pretiy interesting. Apple worked 
with nVidia to develop a custom graphics card to drive 
the displays (the G^force 6800 Ultra), Requires 2 DVl 
connectors. The card will drive 8 Megapixels, which 
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T he date: June 28th-Jnly 2nd, 2004. The place: The fabulous Moscone 
Center in San Francisco. Of course, T'm talking about the yearly 
World Wide Developer’s Conference. More than 200 sessions, a 
tremendous keynote and, most importantly, the moment weVe been 
waiting for - the sneak peak at Tiger as only Steve Jobs can give it. 


mean!? it will drive two 30” displays; with a sing;lc card, 
though the card is currently only supported by the 
Power Maes. 

Software Tansitions 

ndbre lie inlrcKiuced Tiger, Sieve spoke a hit ahoui 
the adoption of OS X, There are currently 12 million OS 
X users, w^hich represents about half the installed base of 
Mac users. There are nitire llian 12,000 nalive Mac OS X 
applications, lie made an interesting point, comparing the 
transition from the Apple 11 to the original Mac OS to the 
transition from DOS lo Win 95, Tliat was the firsi wave of 
OS transitions. The second wave was Mac OS to Mac OS 
X and the evennial transition from Win 95, et al, to 
Longhorn. 

tie spoke about software transitions to OS X, going 
out of his way to mention a dinner he had witii Bill Gates 
and die great love the two companies have for eacii other. 
11mm. Borland has announced a port of their Java dev 
tools to Mac OS X. That’s Interesting. Quark released QFS 
(the Quark Publishing System). Oracle announcetl Mac 
OS X support for lOg, their grid computing DBMS. 
PeopieSolt is certifying all their apps for Mac OS X. Sun 
announced OS X supiKirt for their Java tools as well. Bob 
Bennet, the GM of SGI spinoff Alias announced the 
release of Maya Unlimited for Mac OS X. Maya is a darling 
oftiie film industry, rendering special effects in films such 
as the Lord of the Rings. Very cool stuff. 

The demo part of the program started off with llaren 
Conroe from IJbistift detnoing Myst TV, Revelation, which 


is being simukaneously released this fall on The Mac and 
Window^s* This new Myst was written using OpenGL. 

Guitar Rig is an Audio Units plugin from Native 
Instrumenls in BcTlin, GarageRand is compatible with 
Audio Units plugins and Guitar Rig was developed 
specifically with GarageBand in mind, Daniel Haver, CEO 
of Nalive Inslrumenls, and Jcx^ Gore (formerly of Guitar 
Player magazine and a heckuva guitarist) slKiw^ed off a 
wide range of guitar synthesis, though tJiere is way more 
to Guitar Rig than the small amount of stage time they 
had allowed them to show. If you are a gtiitarist, Guitar 
Rig is as big a leap forward as GarageBand was when it 
first came out, 

Aran Anderson, President of Advanced Analytic 
Systems Design, gave a quick demo of CJrbit, a veiy cool 
satellite simulator, Wriiten m OpenGL, Java, and Cocoa, 
Orbit has to be seen to l>e believed. In a nutshell, Orbit 
renders the predicted position of abetut 650 satellites 
using data puhiidy available from Norad, Nasa, and the 
UN. The satellite pailis are renderetl at aboLit 200 times 
real time, so tliis tiring really movers. Orbit was written 
using Xcode in about 3 months. Aran, if you are reading 
tliis, brilliant job! 

Tiger 

As you all undoubtedly know, the real highlight of 
the show was tlie official announcement of Tiger, the 
next version of Mac OS X. It is scheduled fc^r release in 
the first half of 2005. 
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Tij^ct Is a 64-liit operating system* with a hill 64-l7it 
system library. tt’U nm 32-bit processes right alongside 64- 
bit prwesses. Tiger offers T.P64 support in GCC, wliicli 
means that longs and pointers are both 64-bit. Another 
feature of a 64-bit architecture is a vastly larger address 
space- A 32-bit pointer can point to 2^^ possible 
addresses. A 64-bit |x>inter can point to 2^^ possible 
addresses, 'fhis really comes in handy if yrnt are dealing 
with massive imagery^ 

Tiger added better fine grain locking for better SMF 
performance. SMP is .symmetric multi-proce.ssing which 
basically means multi-processing where all processors are 
ec]ual in cafyability. For example* you might have two 
processors, each of which can run kernel ccxie. Ixx^king is 
pretty standard in the database world where you liave to 
guard against two different processes tiying to write to the 
same data object at the s;nne time. Fine gniin locking* as 
its nxime implies* gives prognmimers the ability to lock at 
a more gninular level. Fine grain locking is good. 

Tiger also added access ct:introl lists so you can assign 
file/folder/network services access permissions in a much 
more sopliislicaled way. 

Tiger also features a new versk)n of Xgrid technology. 
The first version of Xgrid is whar allowed Virginia Tech to 
tie together 1 JOG Power Mac G5s into the second largest 
suj>erconi|)uter in the wtjrld. Here's a link to tlie Virginia 
Tech lerascaie Cluster: 

http://www.computing.vt.edu/research_computing/ter3scale/ 

Apple has also invested in making I’iger a much 
better citizen in the Window's universe. Belter SMB 
|X-rforniance (something that wall surely help Mac OS X 
adoptions in the defense community)* SMB home 
directories* inct>rponiiion of MIT's KerlxTos network 
authentication protocol, support for N'rLMv2 (the NT I,AN 
Manager)* H'FML email composition and Word lal)le 
supfKjrt in TextEdit. 

Spotlight Search Technology 

OK* now tilings really stait to get interesting. 'Hger's 
Spotlighi search technology is really some tiling new. And 
iFs someiliing every single Mac user will make u.se of. 
Basically* Spotlight is a metadata search engine* but one 
where all of the fagging WTirk is done for you. Spoilight is 
an API* so you t^an use it in your own apps* and most of 
the apps that ship %vith Tiger* including the Findei* 
Address Bcx>k* Mail* and System Preferent'es will have 
Spotlight seart:hing built in. Spotlighi will search all your 
existing documents. You don't need new versions of your 
apps* though you'll definitely wmnt to add Spcxlight 
.searching to your apps. Spotlight supports all current llle 
exteasions and all metadata formats and it is extensible. 
It’s jTowerfiil stuiT. 


It is hard to really grok *SpcHlighi until you've actually 
seen it demtK'd. As you might ex|X'Ct Steve did a great 
job. He sat down at a machine chat had more than 
100*000 files loaded on it. He opened a Finder window* 
then lyped the w'ord pbcar in ifie search field. Boom. 
Instantly, a list of 48 items appeared. vSo far* this is pretty 
similar ro the way the Finder w^orks now* but the results 
retrieved by SfKJtlighi are lar more comprehensive 
because the search methodology is much more 
sophisticated. As an example* Steve did a searcli on half 
dome and one of the item.s returned was a PD I' ciocument 
of a Yosemite map witli the words ha f dome embedded 
in the map. 1 mean* think about that. .Spotlight found a 
text lal>el on an image embedded in a PDF document. 
This is not your father s search tedinology. 

In Steve's demo search for fixar, most of the items 
the Finder relumed did not have anyW'here in the 

title. Instead* Spotliglit picked up the term in places tike 
a file's copyright notice. Since the files are reverse 
tmlexetl* you can search a large domain instandy. When 
Steve changed pLxat to pixar 2(K)2 tlie results appeared 
as s<K>n as he hit die last 2, 

'Hie iiitertace impiemeniaiion is elegant. To refine a 
search* click on a + button and a series of popup menus 
appear tliat let you refine your search. For example* ytju 
could select Kind from a popup* ihen a secemd popup 
appears so you can select lor a canned list of file kinds 
(like Movies, fur example). 

Once you have the sea rt h jusi ihe way you like it, 
you can click the Save buUon and a .smart folder is 
created in die Finder wintkiw's sidebar, I'his is an 
important feature. Suppose you were preparing a 
comprehensive repon on the mating haliils of the 17-year 
cicada and you were constantly accumulating cicada 
imagery from around the world. You could do a .search 
for cicada images w^here color space is CM^IC. dien save 
die search U> die .sidebar. Anytime you wanted to review 
your current collection* just press the saved search in the 
sidebar and the images apfiear instantly. You get the idea. 
Steve also showed off smart maillioxes in Mail and smart 
groups in Address Book* as w^^ll as a Spotlight in System 
Preferences and a Spotlight menu icon in the right corner 
of the menu bar. Riglit on! 

H.264 

'Ilie 11.264 AVC (Advanced Video Codec) has l>een 
ratified to l^e indnded in the next generation hi-def DVT> 
fonnat and Apple lias adopted it for Tiger (QuickTime. 
One of the most important features of H.264 is its 
scalability. It scales from HD DVD dow'n to 3C cell 
phones. This is one of those technologies diat really 
needs to be experienced firsthand to tnily appreciate it. 
But the quality cnily is amazing. 
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Safari RSS 

Tlie l)ig iiddiLion to Salari is llic integration of RSS 
(Really Sioiple Syndication) right in the f:jrowser. iiger 
Safari will support RSS and Atom protocols and will 
automatical I y detect RSS feeds. Safari’s new Personal 
Clipping Service allows you to automatically accumulate 
articles culled from a variety of RSS feeds into a single 
page. Safari also adds the ability to store RSS queries as 
bookmarks. 

During flus part of the demo, Steve stepped through 
a variety of web sites with RSS feeds, including Apple’s 
site and the New York Times, Tlrere's an RSS button to the 
right of the address bar. When you want to view a site’s 
RSS feed, navigate to the site, then pusli tlic RSS [)utton. 
Tlic RSS feed appears as a scrolling list of article links, 
.similar to a Go<::)gle results page. 

There’s an RSS control panel built into the Safari RSS 
display page iliat allows you to customize the feed 
display. There^s a slider to set the length of each article 
displayed in each summary, you can sort by date, title or 
article source, c^r select die lengdi of lime to go back to 
retrieve articles. 

Since RSS feeds tend to be behind-the-scenes, they 
can show up in .some surt>risnig places. Like in iTunes. for 
example. Yes, there is an Vines RSS feed, showing the 
top 10 for that particular moment. Not sure how 
particularly useful this is, but it is inlcresting! 

I’here's also an RSS search field so you can do a 
search across all your current RSS feeds. Far more focused 
resulLs than Google and very fast. More timely, too, as RSS 
feeds tend to be updated more quickly than Google. 

Core Image and Core Video 

This is like Code Audio for the image protressing and 
video cniwd. In a nutsliell, image and video processing is 
now offloaded to the GPU (graphics processing unit), 
which is designed for that. This adds floating point 
precision and eases the krad on the main prcx:essor. Core 
image adds in more than a hundred high-quality real time 
image filters, image Units and Video Units are extensible 
plugins, along the lines of Audio UniLs. Developers can 
combine filters and effects and apply them in real time, 
with all the w^ork being done by the GPU. Core Video 
provides a bridge Ijetwecn QuickTime and the GPU. 

Pliil Scliiller, Apple’s Senior VP, gave a demo of both 
Core Image and Core Video. He brought up an app that 
di.splayed a picture of a tiger as well as a control panel 
that gave iiiiii access to some of the Core Image filters and 
effects. I’he app was simple, but the power wa.s very 
clear. There are focus filters (like Gaussian, motion, and 
zoom blur), color adjustment filters, color, compositing, 
distortion and geometry filters, to name a few. There's 
even a ,sei of awe.somc transition filters. Tlic point is, you 
can now easily add all this power to your own apps. 


These same filters and effects work on video as well, 
also in real lime. Truly amazing. 

Dashboard 

Rerneml:>er the IVin of building Control Panels? Not 
the hassle part, but the coolness of creating a little app 
that was available anywhere, no matter whal app the tiser 
was using. Combine that concept with Expose, and you 
have the essence of Dashboaixl. Dashboard was built with 
WebKit, primarily with JavaScript, like Expose, ii provides 
a layer that appears and disapf>cars instantly. Instead of a 
set of your app's windows, Dashboard reveals a 
customizalile set of tiny applications, calletl widget.s. 
Examples of widgets might be a calculator, a sticky note 
oiganizer, a stock ticker, or weather tracker. 

Apple will ship a set of widgets with T'iger, but I have 
no douiiL this is going to create a i>rarid new' market, 
niucix like the market for tiny control panels l>ack in the 
day. 'I his one looks like a lot of fun. 

Automator 

AuLomalcjr is a visual scripting Look Sal Soghoian, the 
AppleScript Product Manager, gave a demo. Basically; 
Automator is a visual front end for your apps that allows 
yt)U to create a workllow l>ascd on tlic cafjaljiliLies ol the 
a[)p you are scripting, SaEs clemo took a scries of wel^ 
site^ from .Mac, sucked in all the image.s, imported the 
image.s to iPtioR), then created a slide sfiow' for iDVD. He 
then made the workflow a bit more genetic and showed 
how he could use the same script across applications. 
This is a nice solution for Folks who do not want to tackle 
tlie f^rexse of AppleScript. 

iChat AV 

With the addition of 11.264, iChat AV just got much, 
much cooler The image resolution Ls cleaner. Bui more 
importantly, you can now iChal with miiltipLe people at 
the same time. An audio iChat can contain up to ten 
peopie. Ten! And a videt) IChat can contain four people. 
Thai is awesome, baby!!! 

Till We Meet Again... 

The only downside of Tiger is that it is not out yet. 
There are a lot of fun things to play with, and I am 
really looking Forward to t:)laying with tliis some more. 
1 think the first thing Pm going to write about is 
Da.shboard. A great idea. 

Oh, if you liavcnT done so already, be sure to head 
over to http://spiderworks.com and sign up. By the 
time you read this, we sh(tuld be prelly close to 
opening the doors! © , , ^ 

'I’it I 
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lv\ t-Ue fUeve w«>is 

NeHw-Po 

I remember being awed unci mystified by Netlnfo at 
Apple Present;! I ions by former NeX'l’ System Engineers of 
Mac OS X Server version 1 in 1999- Tiie idea of 
liierurchies and domains, administrator accounts and 
authentication, entries and attributes seenied downrigh! 
weird to a Mac: OS devotee like myselb Growing into the 
UNIX-y side of things with 08 X Server as it evolved, I 
found myself more and more intrigued with llie control a 
Directory Service brought to a group of Mac users, the 
mouni records, machine accounts, and URLs visible in 
Netlnfo Manager provided a valuable head-scratching and 
learning experience, to say the least. 

Initially, Netlnfo was a f>rillianL solution to a common 
UNIX |>rQbleni—how to distribute and consc^lidate user, 
group, and host information over a network without 
having to maintain copies of /etc/passwd /ctc/users, 
/etc/groups and /etc7hosts over multiple machines. As a 
marter of fact, extracting and capturing valid host, 
passwd, and group Hat files for use on a UNIX system is 
as easy as: 

$ niduiup passwd , > my passwils. Lxt 
$ nidump hosta . ) niyhosts.txt 
$ Tiidiittip group . > niygtoup-txt 

The real magic came in having applications, not just 
users, access authentication infonnation in a central 
repository—without having to duplicate flai files all over 
the network. Mail Services, H i'I P Services, FTP Services 
and file services can all share the same source of 
atithentication, Netlnfo, as impJemenred in NeXlSIEF 
(the ancestor to OS X), also alk)wed ftjr a hierarchical 
anangement of Netlnfo “Domains" or databases of 
information, where defining administrator accotjnts at the 


By ChtCi^go^ IL^ 


lop (or root) of t!ie hierarchy allowed for them to 
atithenticate at any point on all of its hrandie.s, as in the 
illustraLicDn below, where an administrator who liad an 
account in tlie Corporate domain could authenticate any 
wxirkstation in either the Sales or Marketing domain, 
while a user with an account in Sales wouldn't be able to 
authenticate at a workstation in the Marketing domain. 

Csfporale Daman 



LkU Iwinto DofflAinis 


Netinfo Domain Hierarchy 


Each OS X .system up to OS X I0.3t either server or 
client, still ha.s a local Netlnfo database that's consulted 
first by services and applications in need of 
authentication, regardless of whether the OS X 
workstation or server is configured to consult shared 
directories or foreign directories, such as Microsoft's 
Active Directory or Novell’s eDirectory. With Neilnfi> as a 
directory service, things got mucii more interesting with 
an additional shared Netlnfo database created on OS X 
10.1 or 10.2 (thereby becoming a directory server), then 
ofl’ered up lo other OS X computers t>n a network via a 
process of *1yinding, ** which took place at reboot by 
auromafic configuration (DHCP), static configuration 
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(specifying ihe TP address of ilie seiner which iiosied ihe 
sluircd Network Ncilnfo database, along with the ^‘tag" or 
name of the clatabase) or by broadcast I'^inciing (which 
required the creation of machine records in the shared 
Netlnfo and was widely ignored in OS X Server, a legacy 
from when NexTSTEl^ didn’t support DHCP services). 

Willi OS X Server 10.1, configuring a sliared Netlnfo 
domain could lx.' a liil or miss proposition for all bul the 
most learned gums or the most patient and stalwart 
administnitors, witli the process of creating and fx>pulating 
a shared dfimain al limes resuliing in a spinning disc' of 
death. Destroying a shared Netlnfo database was 
sometimes cause for a leinstall of the whole server. OS X 
Server 10.1 relied heavily on a properly configured DNS 
server (which is still a requiiement for most OS X Servers) 
but with many Mac professionals just getting into DNIX 
(myself inc luded) DNS tx>nfiguration was a black an, soon 
mastered with long nigJiLs of liair-pulling. 



Netlnfo Manager in OS X Server 10.1 


os X Server 10.1 stored a lot of system and service 
configuration information in Netlnfo that would lx* moved 
to XML property list {.plist) files in OS X Server 10.2 and 
10 . 3 , notably settings for the IP Firewall Service, Mail 
Servei; and Apple File Server 

NcHvvt^o 3 €coia\€S op€v\ D'lv-ecFovy, 

wlVk ifs opev\LP/\P 

Open Directory (I), which premiered with OS X Server 
10.2, w^as Apple’s new^ moniker for the collection of 
properties and values it had previously collected in Netlnfo. 
It iuid some significant enlianceinents other than its 


capability Lc^ serve up directory information through T.DAP 
via tlie OjxnLDAJ’ slapd daemon. Ojxn Directory had new 
features tlmt allowed for preference management by 
workgroup and computer accounts with presets that made 
creation of users and groups more efficient. With the relctuse 
of OS X Server 10.2^ Netlnfo w'as still tlie clefault method for 
storing shared directory data, but it had lieen extended into 
sometliing much more intercsling- Previotis U3 the release of 
OS X Server 10.2, there were rumblings that Netlnfo has 
been thrown under' the bus in favor' c:>f OperiLDAF or 
"slapd.*' In realily, OS X 10.2, which ushered in Uie Open 
Dhectoiy era, was an evolutionaiy step towards OixiiLDAI^. 
OS X 10.2 u.sed Netlnfo for its directory stomge, or 
“ciomaias” which ts Apple'.s term for the actual duabases 
that contain the diiectoiy infonration, but did integrate 
('IpenLDAI^ so that tlie .shared Netlnfo domains could be 
act'essed through an I.DA1X3 plug-in to ihe Directory Acx'ess 
ap^jlication, via a txe-defined set of Open Directory LDAP 
imppings, allowing for a smoorher transition to Open 
Direc:tory H in OS X Seiwer 10.3^ Also a significanl advanc:e 
of Open Directory was the addition of the Password Server 
w^hich supported multiple authentication protocols l:>ased on 
the Simple Authentic^iticrn and Security Layer (SASL) 
Standard which scrpersecied tlie deprecated and insecure 
ciypi password algoritl-Qii, tkit OS X 10.1 (not OS 91) clients 
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Netinfo Manger: Shared Netlnfo Domain 
in OS X Server 10.2 


Open Directory services in OS X 10.2 also iniroduc:ed 
the Workgroup Manager Application, which allowed for die 
easy insertion and editing of nic’x (managed user' and 
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workgroup ,settings) but offered no real interface for adding 
T.DAP attributes for pc:>pulilting such entries as eniail address, 
phone nuinl>er, dei^aitinent, and title that would make the 
LDAP support useful with clients such as Apple's Address 
Bcx^k or Microsoft Entourage. Insertion of such data could 
easily be done with good *ol Netlnfo Manager^ by creating 
the requisite properties and values within the user records. 



LDAP Contact Information in Netlnfo Manager 

One of the best tools for populating user records with 
contact and organizational information is the open-source 
X Windows application Directory Administrator (available 
at fink.sourceforge.net ) that provide pre-set fields that 
makes entering personal data a pleasure. 

Another nice touch was the Open DIreccory Assistant, 
which guided admins through the seaip of directory 
domains and the password server and came in handy as 
a troubleshooting tool for those who forgot tliar the 
password server was necessary for authenticating 
Windows clients and gave themselves a ''Basic’’ (now 
labeled "Crypt”) password in Workgroup Manager 
denying them the privilege to set password server 
passwords for other users. With OS X Server 10.3j it“s 
done by deleting die .AppleSetupDone file in /var/dl^ and 
rebooting, which forces the Server Setup Assistant to run, 
allowing the administrator to reset their password and 
become a password server administrator once aigain. 
Upon setting up Open Directory, die personal installing 
OS X Seiwer had three basic choices for a directory. First, 
tiiey could store user account information in a local 


directory (single local Netlnfo Domain). Second, they 
could connect to a directory on another server either by 
Netlnfo or LDAP or NIS. Third, they could choose to host 
a directory that other computers and servers could access 
over die network (shared Netlnfo domain) and could 
enable LDAP support for Netlnfo. Each change or session 
of the Open Directory Assistant retjuired a reliool, but it 
was a vast improvement over the riskiness of adding or 
deleting directory domains in OS X SeiTer 10 1. Jaguar 
Server also proved the value of Apple’s Workgroup 
Management scheme, modeled loosely on the interface 
and features of Macintosh Manager, the Classic Mac 
Managed Workgroup solution, but delivered with the 
robustness and reliability that Macintosh Manager 
administrators could only dream oh 

op€v\ PlvecVovy II: TUe App'^€v\Hce 
Is v\o\w fUe K<nsfev 

They went ahead and did it, tliey really did! It’s 
extremely unusual, in the spirit of NIH (not invented here), 
tliat a computer company with as ritJi of a tradition as Apple 
(and NeXT) would dump its home-brewed netw'ork directory 
structure in favor of an open-source replacement, but that’s 
exactly wEat happened in OS X Server 103^ Shared Netlnfo 
domains were no tnoie, replaced by Open Direaory Masteis 
that used iDpenLDAP exclusively and BerkleyDB as the back¬ 
end storage for the directory domain. An Open Directory 
Master witli syfficienl memory and storage can operate 
smootlily witli 100,(X>0 user accounts and c:an handle 250 
simultaneous LDAP connections! For larger networks, this 
mcanl that it might no longer lx: necessary to arrange scTvers 
in hierarchies, as witli Netlnfo, allowing more flexibility in 
management and authentication. 

Setting up and installing OS X Server is still relatively 
straightforward, the Open Directoiy Assistant morphed 
into the new Server Semp Assistant and gave up some 
of its capalrilities to die new Server Admin application. 
On first look, Open Directory 11 appears little changed 
from Open Directory for jaguar Server However, the 
nomenclaiure has changed significantly. A shared 
domain is now an "Open Directory Master.” A local 
directory is labeled a ''Standalone Server." With these 
shades of Microsofi-spcak, At)jric accomplished once 
again what the otliers dared not to imagine: with 
Panther Server, an administrator could change the 
structure (role) of Open Directory without rebooting. 
Try that on a Windows Server! How did Apple do it? 
Well, OpenLDAP is quite a different beast than Netlnfo. 
While Netlnfo domains bound Logelher al bool time, 
Open Directory II acLs as an external directory domain 
connected locally at /LDAPv3/l 27.0.0.1, w^hich is the 
same as a connection to an LDAP directory running on 
a different server at another IP address. 
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Local 

Search Path 
Other... 

/Active Directory/most.com 
/LDAPvS/127.0.0.1 

Choosing Directory Domain in 
WorkGroup Manager 



Custom Search Path on 
Open Directory Master 


Note that the Server Admin or Server AssLstani adds ilie Oixm 
Directory IVLister LDAf^ n<xle with the “Custom patir as iT it were 
niiinually connected conifxiter. As a inatter of fact, aside fron i a few 
very important difterences, wliich VW get to later, iliere’s rcttl'y little 
difl'cTCnce Ix-Uween the way an OS X client would conneci to an 
Open Direciory 0 Master and die way liie OS X Server that l iosts it 
artuaily connects. 

Q>nnecttng an OS X Seiver to anotlier Open ilirectoiy Server 
Ls also accomplished tlmxtgli the LDAPv^ plug-in in Diteclory 
Access. iLsing the “Open Directory' Server” built-in ina| pings. 
There’s a plug-in for Act ive Directory ihn doesn't require editing the 
Active Directory Sclieina to leverage accounts on a Windov\'s 2000 
or 2003 Server. 0|xti Dia^ctoiy Master's can emulate Windows 
Domain Controllers for Windows Wbrkstatioas iillowang a single OS 
X Seiver to act as lx>th home directory hexst and authentic a Lion 
sender to mixed environments. 

In addition to Apple's Password Server, Open Diret cry I! 
featLiies a new autlientication authoriiy: KerixTcxs. Given a pi operly 
configured DNS Server on the netwoiit or on die 0|xai Diirciory 
Server iisc^lf, an Open f>irectory Master aiitCKronflgiires itst*lf as a 
KDC (Key Distril^Lition Center) for OS X 10.3 c:lients (vaihour 
additional configuration) and OS X 10,2 clients cxinllgured with the 
proptT /etc/authori7ation edits, /etc/ kihS.keytab files, and 
edu.iiiit.KerIxtos preference files. AU OS X 10.3 elienis recei\ e their 
edu imt.Kerixtos preferences through the kerlXTOsauloconfig 
cxirnma nd. the following from the man page descrilxs the p tKess: 

Lhf? kerberosautoconfig command creates the 
edu.mit.Kerberos file from information stored In 
the open directory config record named 
KerberosClient. The existing edu. mi t .Kerhoros 
is only replaced if the auto gene r.ated header 1 3 
present and the generat 1 on_t d In the KerberosClienL 
conflg record Is greater than Lhat within the 
file. The derault locaLion of the output file Is 
/Library/Preferences /edu. riit. Kerberos . 
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Thi.s addition to Kerberos is Apple's unique method 
of simplifying the configuration of an authentication 
protocol that typically requires much work at the 
et>mmand-line. Even the task of adding other OS X 
Servers to the Kerberos Realm is a relatively simple 
process that allows multiple servers connected to a an 
Open Directory Micster to grant access to services like ssh, 
afp, ftp, pop and imap without having users re- 
authenticate. When T first got single-sign on going here at 
our training lab, I was startled to be able to ssh into a 
server without authenticating again! It’s easy to get used 
to, though! With Kerberos being the main authentication 
protocol for Windows ServeCsS, and being supported by 
every major OS (even OS 9!), it's great to see Apple 
emlxacing an open standard and improving on iL...wait 
did I just say that? Let me repeat myself, and repeat.*.* 

Only once an administrator starts st'riuching the 
surface of the Panther Server's Workgroup Manager 
applicaLion, sfx*‘cificaliy by going to its Preferences dialog 
and checking the ‘'All Records" tal> and inspecit^r, does it 
becomes clear how muc:h Apple has enriched Op>en 
Directory 11. 

Workgroup Manager Preferences I 

S! Resolve DNS names when possible 
Use secure transactions (SSL) for Sharing 

□ Show system users and groups 

0 Show “All Records" tab and inspector 

□ Limit search results to requested records (use * to show all) 

□ List a maximum of records 

Auto-refresh Sharing every: HHl seconds. 

Q Reset "Don't show again" messag^sj 

( Cancel ) f OK 


Enabling ''All Records'' and Inspector 
in Workgroup Manager 

of c:ourse, such enrichment ean't come without a 
ret|uisiLe warning: 


Turning on the all records tab enables you 
to edit raw directory data. 

It is possible to cause data loss or otherwise make 
your system moperabie by editing this raw data 
Incorrectly. 

(-^3 


Danger Will Robinson! 


Looking at the raw directory data is an interesting 
way to twiddle an evening or two away. 



Raw LDAP Data in Workgroup Manager 


Clicking on the "New Attribute...” button brings up 
a window with a popup of all supported Open Direeiory 
attributes. However, Workgroup Manager falls way short of 
Netlnfo Manager in one significant way. It does not 
all(}w the person editing the directoiy^ data to see ihe 
hierarchy, structure, or relationships between much 
the atirihutes. NellnlV) Manager still exists, but none of 
the Open i:)irectory Data is really visible there on an 
Open Directoty Master anymore. For instance, it is 
pos.sjble to add a KDCConfigData attribute, but it is 
not pcxssihle, wilhoul working with the command-line 
dscl tooL to get a sense of w'here in the LDAP direcLcjry 
it should go. 

rclark:"^ rclark$ dscl u re lark p 
/LDAPv3/127.0.0.1/ list /Config 
Password: 

KerberosClient 
KerbetoaKDC 
Id apreplicas 
macosxodconf1 a 
mex^cache 
passwordserver 

Mcx_cac:he and passwordserver are familiar 
holdovers from Open Directory IL KerberosClient and 
KerberosKDC are new additions to the family. A closer 
look at the Kerhero.sClieni attribute reveals the magic 
of Apple's Kerberos implementation: 

dad u rclark -p /LDAPv.l/1 27 * 0 * 0.1 / -raad 
/Conflg/KerberosCllent 

cn: KerberosCiienr 

objectClass: apple - configuration top 
AppleHetatJodeLocation : / LDAPv3 / 12 / . 0.0 - 1 
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Passwort^Pl UG: *-**.»,» 

RftcordNamo: KerberosClient 

XMT.Pllst: <7?cml version"’KO’* encoding“"UTF‘e"?> 

<!UOOTPK pllat PUBLIC “'//Apple Computet//DTD PLIST 1.0//KN" 
“http;//www.apple-com/DTDs/PropertyList-1.0.dtd“> 

<plast vers ion"*'1.0’> 

<dict> 

<key>edu.m!t.kerbe ros</key> 

<dict> 

<key >doinain_realni< /key> 

<dict> 

<key>- most * com</key> 

<Sttliig>RCLARK.MOST. nOM</st ring) 
<key>fflost,coffl</kGy> 

<s t r 1 ng>RCMRK .MOST. C0H< / s t ring) 

</rtic^t> 

<kcy>l ibdoFaijUs</key> 

<d!cL> 

<key>detault_realij:</key> 

<etrinfi>RCLARX.MOST.COM</strliig> 

</dict> 

<key>rea1ms</key> 

<dict> 

<k ey>RC!^BK.HOST. C0H< /key> 

<dlCL> 

< key)KADH_Lis t </key > 
<acray> 

<s tring)tclark.nost,com</string) 

</array) 

<key)K13€_l.1sT</key> 

<array) 

<string>rc 1 a rk. most, coiii</fl t r 1 ng> 

</array> 

</dict> 

</dict> 

</dict> 

<key>ganeratiQBlDC/key> 

<lnteger)ll Wj 9773''tSC/integer) 

</dict> 

</pliat> 


Here's llie property list (.pli.st) used to automatically 
generate the edu.mit.Kerberos file when an OS X 10.3 
elieni logs into an Open Directoiy Master with a running 
Kerberos KDC (Key Distrihutinn Center). 

Open Directory II also allows setting the 
passwords of multiple users simultaneously, as well as 
setting oilier aiiriimtes, such as home directory path. 
Just make a multiple scleclion of user accounts in 
Workgroup Manager and set a password for all of t!ie 
users, check Ute option lo “change password at next 
login'' and with the correct password policies in place, 
there's no more need to worry about setting uni(|uc 
passwords and recording them. Password policies have 
expanded to include password length, composition of 
number and letters, difference from account name, and 
difrcTcnce from Iasi x number of passwords used when 
a change of password is required, though Open 
Directory still lacks an allow^deny schedule for users 
and groups. 
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Watch TV on your Mac 

Eyel V features a 124-channel cable-ready analog tuner and DVD quality 
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theri update video content to DVD.* aoast 6Titanium required). 

Don't miss a thing 

Use EyeTV's Electronic Program Guide to find exactly what you are 
looking for, and program EyeTV to record it. Program EyeTV from 
anywhere via the Internet. 



• Record TV otn Your Mac 
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• Digitize Analog Video 


• Arctiive Recorded TV To DVD* • The Speed And Power Of Firewire 


go 

digital 

Convert your analog 
video tapes to 
digital in realtime, 
then burn them 
to DVD! * 



export to iMovie®, 
iDVD®andDVD 
Studio Pro®, making 
it easier to create 
professional quality 
recordings. 
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Password Properties in Server Admin 


Tlie klapneplicas attribute is a new adtlitton to Open Dircatiry 
as well. With two untc)tie serial nLitnlxa^ (dtjn't try it witlicait them), 
an 0|>L'n DiR-etoty Master will replicate the directory, password 
seiver. uud Kerlx^ros KDC to another OS X 10.3 Server in Its entirety, 
and quickly. It takes just a lew minotcs to replicate an Ojxai 
Directory Master on a l{K)-niegahit Etl^emct network witli a 
few^ hundred users and a KDC. lliLs is great for large 
educational institutioas and enterprises concerned alxml 
downtime. Rt^plicition can cxcwon a schedule, t)r whenever 
Uic OjKsi Diieclory Master is changed. Failover cxnirs 
namrally and tlie client logs into the first available replica. 

^e^nvcU'iH^ -Pov fUe "UooV^ 

OS X Server 10.3 is certainly one Ix^ast of a Directcjiy^ 
server, hut it does share one unfortunate charaeteristie 
w'ith Windows 2000 anti 2003 Server that its 
predetressors didn't. Though Workgroup Manager gives 
admiriistratc^rs access to all LDAF attributes and values, 
it doesn't allow for the hierarchical view' that Net Info 
manager provided in previous iteratit>ns of OS X Seiver. 
As with Windows Servers, administnitors can see parts of 
the directory in certain applications, hut never the 
'^w'hole" thing. Certain importanL elcinenls, such as the 
/Config container, aren't readily visible, even from using 
the commanckline utilities. 1, for one, despite have l>een 
dipped in the river €)f UNIX, arn still a very visual 
persem—things lend to make more sense to me if 1 can 
visualize them, eyeball them. GUIs make me smile. 

Sc^, my searc:h fur a uLiliiy (Directoiy Adininistratur, 
despite 1 icing a great editor, doesn't have a hierarchical 
modt.) to view Open Directoiy 1! was on. I toyed around 


with phpldapadmin (http://phpkb padmin.sourcefoigejiel/) 
other web-based utilities, frankly I wanted stimeiliing I could 
run on an ilkxik or Powerbook without having to c'onfigure 
a web server. Fventiially, I stumbled upon a great ulilily 
called l.BF.jar (short for LDAP Browser/Editor), a Java applet 
that finally gave me that *'look” I'd lieen missing from 
previous version of OS X Server. LBE (htip://www- 
unix.mcs.anl.gov/-'gawor/ldaj>/) is old software (it liasn't 
ixxm uixliitcxJ since 2(XJ2), but seems to work perfertly with 
OpGU Directory, wiiich is either a testameni lo Open 
Direaory-'s adhernence to llie Opc^nLDAP standard, or LBE’s 
adherence to it, or lx>th. 

Downloading and unpacking LBE is sirrifile, and 
requires no further' tweaking to wxii'k on OS X 10.3-5. It 
launches with a doulile-click on the LBE.jar file. 
Configuring LBE to connect to Open Directory isn't very 
straightforward—it lc)ok me a few tries to get it right, as 
in the screenshot below': 



Configure LDAP Connection in LBE.jar 


Hrow'sing Open Directory with LBE is certainly an 
eye-opening experience! Finally, I have a hierarchical 
tool that not only reveals ail of rlit* aitribuies, liut shows 
them in proper relation to their container, sub 
containers, and organlzalicjiial units. LBE is a great 
learning tool foi^ connecting the “LDAP dots”, but fm 
not about to sran editing Open Direentry attributes with 
it...rm a little concerned that it might not write the data 
properly, so I'd have to recommend that any editing be 
done on a test server, rather ilian a priHluction seiver. 
Fm also a little concerned that it may be sending my 
account and passworcl in the clear, so rm t'areful mA to 
run it over any netw^ork Fm un.sure about, especially 
WAPs (Wireless Access Points). 
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^ CO cfpptesfiis^roups 

D j^n° ^^flsiiB te^eom^Ui3te j 
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mb;—-T-:--.V--. 

Hierarchical View of Open 
Directory LDAP Master 

Just about everything's connecting to LDAP these 
clays^ ancl not jiisl atldress hooks, SoqHj even freeware 
coolent management systenis may liavc the ability to 
connect directly to and OS X Server for user and group 


infonnation, econinicrcc aca>unLs created at online 
stores will live in LDAP on OS X Servers, Some of the 
latest builds of the PHP (Pre Hypertext Processor) 
librajy have LDAF^ support rolled in. And who knows 
what Apple will have up its sleeve for Open Directory 
111 due out in mid-2005 with I'iger Server? Given the 
pre-announcement of several features^ T can safely 
guestimate tliat new attributes will appear for access 
control lists (ACLs), Windows Group and User l^olicies 
(yes, there il probably he registry information living, 
like alien larvae, in Open Directory), and new' 
Kerberos Features that allow^ Windows clients 
authenticated by Windows Server KDCs to access 
services on an OS X Server, not to mention ,sonie new' 
home directory options. It’s great to see Apple 
embracing an open standard and improving on 
iu...waii did I just say that again? Let me repeat myself, 
and repeat,.,aind repeat. , _ _ 

'I'iii 
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By Paul Antmann 


SOAP was created collaboratively as an open 
[irolcKcjl. Early in ils devdupment, XML-RPC was spun 
off, and now enjoys its own (lopulanty as a simpler 
alternative to SOAR Both enccxle messages as XMl., and 
both use HTTP to transpt>ri those messages. SOAP, 
however, can use otlier transport protocols, offers a 
numlier of high-end features, and is developing rapidly. 

A SOAJ’ transaction begins witli an application 
making a call to a remote procedure. T'he SOAP client 
script then encodes the procedure request as an XMh 
payload and .sends it over I lie transport protocol to a 
server script. The server pai'ses the request and passes it 
to a local method, which returns a response. Tlie 
response is encoded as XML by the server and returned 
as a respcjnse to the client, which parse.s the res|x>nse and 
passes the result to the original function. 

There are a number of different imp^femenialions of 
SOAP under PIIR It's a shifting landscape: new ones 
appear, and old ones aren't inaintained or simply vanish. 
As of thi.s writing, the most viable PHP implemeniation 
of SOAP seems tcj be Dietricli Ayala's SOAPx4, also 
known as NuSOAP. This Liiiplementation is the most 
eommt>nly used and appears to be the most fully 


developed and acUvcTy maintained, and it shows every 
sign of continuing to be a robust and popular solution. 
It’s not complete—a number c]f features, including full 
documentaiion, are still in the wtxks ^—hul it’s still a 
highly viable and ea.syTo-use SOAP solution. 

Installation 

First, you need to get PHP up and ninnSng on your 
Mac\ If you want to send SOAP messages over HTTPS, 
you’ll need to include the cURL module in your PliP build. 

T'he next ,step is to iastall NuSOAl^ Download ihe 
package from the developer’s site 

http://di6trich.ganx4.com/download.php7urh/nusGap/ 

Unzip it to get a folder of clocumentaLion, as well as 
llse file nusoap.php, which contains the actual PUP 
classes that we’ll need. To use them, place niiscxtp.php in 
your PHP path and include it in the scripts you write. 

The l>ase class is nusoap_base. By using it and its 
subclasses, anything is possible. As an example, HI 
build a simple SOAP server script and client script, and 
then dissect the XML transaction they send. 
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SOAP, the Simple Object Access 

Protocol, is the powerhouse of web 
services. Ifs a highly adaptable, object- 

oriented protocol that exists in over 80 

implementations on every popular platform, including 

AppleScript, JavaScript, and Cocoa. It provides a flexible 
communication layer between applications, regardless of platform and 
location. As long as they both speak SOAP, a PHP-based web application can 
ask a C++ database application on another continent to look up the price of a book 
and have the answer right away. 


A SOAP Server 

Here is a simple server, wiirten in PUP, that takes an ISBN 
(International Standard Book Number) <is input, performs a 
lookup in an imaginary dalaf)asc, and returns the price of the 
corresponding lx>ok. In it, I use the soap_server class, and four 
methods of that class: the soap_server constRictor, register, fault, 
and service: 

<?php 

// lunction to gel price from d;it;it>a.se 
f liner inn lookup ($TSBH) I 

SqiJery = “select price from Ivooks where. Isbn = 3ISBN; 

it Ci*ystjl_cQfiiiecL {’*lQcaltit>0lL” . "'liKername'*, "paHSwd'')) 
else ( $error = “Database cuntiectioa ettor*": 
return $error; \ 
i t (niys q i_s e iec t_tib (“ books ”)) 
else i $error = “Database not fotind": 
return Serror; I 

if ($result ” Enyf;ql_qiiery($queE:y}) 
else t $srror * '’iiiysql_error()“: 
return $crror; \ 

Sprlce = mysql^cesult tSresuU. 0. 0): 
return $prlce: 

I 

// mckidc Uh: SOAP cIiC\sc& 
require_once('nusoap.php‘); 

// create the server objea: 

$server ” new soap_sGfver: 

// register the lookup service 
$server >register('lookup*}: 

// if the lookup fiiils, if iiim :m error 


if $pricG = 0 { 

$error = “Price lookup error": 

] 

if (issetC$error)) [ 

$fault = 

Sssrver->fault(*soap:Server*,' 

http://tnydotnain-cotn/booklookupscript.plip'.$err 
or): 

1 

// send die result as a SOAP response over HTTP 
$ so rV G r-> se rvlc e(5 HTrP_RAW_POST_DATA); 

?> 

Hie first methfid 1 use is the soap_sert<^er constructor, wliich 
creates the server object that will Ix: dcjing all tlie work for me. 
I a,ssign iliat object to $.server. Next is register, which tells the 
server wdiat to do (in thi.s case, to call the lookup(.) function). 
The methoefs one parameter is the name of the funcLion. Tlicrc 
arc i>lher optional pamiiieters that can )>e used to define the 
namespace and the SOAFAction information as specified in the 
SOAP specification, but those arent necessary' for this example. 
The general synlax of llic register metliod isi 

rngirttnr fnfirao. in, mit. namespfice, SOAFAction. style) 

Tiic first parameter is the only mandatory one. in and ant 
are arrays of input and output values; namespace and 
SOAPAction are used in accordance with the SOAP spec. 
Finally, style is used to indicate whellier the data being sent is 
literal XML data (the default, and what 1 use in these examples) 
or lU^C serialized application daui. 
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So, the function is executed, and the retiirneci value 
is passed to the server object, 'llien the service methoci 
reiurns a SOAP response u> (he elieni iluu iniiiaicd ihe 
request. The argument to tlie service method is 
$H'rrP_RAW_FOST_DATA, 

Dealing with Errors 

Beciiose databases are noi perfect, the script has a 
series of steps to catch errors. The lookup function 
contains three traps for different kinds of MySQL database 
eiTtjrs. Each traf> assigns an error identification string lo 
the variai^le $en*or and returns that variable to tlie main 
function. Additionally, the main function tests the $price 
variahle Lo ensure dial ids not set to zero, wliicli would 
indicate a defective entry in the datai>ase. 

if any one of these traps finds an error, NuSOAl^ s fault 
method is called. Tills halts execiiiion of die server .script 
and returns tlie rnetliod’s parameiers to Live client as tiie 
string variable $fault. Lhe syntax of the fault method is: 

faiiit(fauitcode* faviXtactor* faultstring, faultdetail) 

The first two arguments are required^ the latter two 
arc optional. For die faultcode argument, a machine- 
read aide fault code must be fvrovided, as descrilved in the 
SOAP spec. There are four predefined fault ctxles in the 
specification: VersionMismatch, MustUnderstantf Client, 
and Server These mu.sL be given as c|ualified names in the 
namespace by prefixing them with SOAP-ENV;, A 
VensionMismatch error indicates incompatible 
name.spaces. A MustllndersLand error is used when it 
comes across a mandatory header entry that it doesn’t 
understand. Client is used wdien the error lies in the 
message thai was received from the trlieni. And Server 
indicaie.s a proldem encountered during proce.ssing on 
die server, unaffiliated with the SOAP me.s.sage per se. 
This latter c{)de is wlial 1 used in the sc ripl when there’s 
a problem with the database lookup. 

The faultacior argumenr slioiiki contain the IRd 
where tiie problem {)riginated. This is more important for 
transactions where numei-ou.s inteimediaries are involved. 
In this example, 1 use the UId of tlie server script. (Note: 
the NuSOAP dtjcumcnlaliivn iivifilies that the faultacior 
element should be set to either **ciient” or “seiver."’ The 
SOAP specificaiif>n, hcvwever, says it slioiikl be a LJkl.) 

faultstring and faultdeLail are set aside for explaining 
the fault in human-readable language, faultstring should 
he a Ivrief message indicating the nature of the prcvblem, 
while faulLdeUiil can go into more detail—it can even 
contain an array with specific itemized information al^out 
Lhe fault. In my example, I pass the $eiTQr string to 
faultstring, and omit faultdetaiL 


A SOAP Client 

Now I'll write a client for an existing SOAl^ .server, 
so you can see it in action. I’ll use XMethods’ Barnes & 
Noble Price Quote server, which acts a lot like the 
example server, alx>ve. It takes an ISBN as input and 
returns price data from Barnes 8l Noble. 

The client script will need to send a request 
containing an ISBN and then parse the response. In ihLs 
script, I use the soapelient class, its constructor, and call, 
which handles making a request and parsing the response 
all in one. The only method available on the server Is 
GecPrice, which take.s only one parameter, a string called 
isbn. It returns a floating-pcnnt variable called return. 

<?pbp 

// incUide the SOAP classes 
require_once (' niisoap. php'} : 

// define paranieier array (ISBN number) 

Sparam * array('isbn**>'0365503954'}: 

// dcJmc to Mcrvcr iippliciition 
Sserverpath 

= 'http 1 //serviced.xmethod.^i.netiSO/saap/aervlEt/rpr-routet* : 
//define method namespace 
$naratspace“''trrri:xmcLhods liNPriceCh^ck''; 

// create client ob|ect 

^client = new scapcHentCSserverpath): 

// make lhe call 

$price $ciient‘>c3il('getPrice* tSparacHtSnamespace): 

// ir a lault occurred, output errtir info 
if Cl.'iset [$faultl) f 

print "Frror: $fault: 

J 

elsE if t$prlcie = -i) f 

print "The book is not in the database.": 

I else ( 

// oUierwbe output the result 

print "The price of book number Sparamfisbnl ." is 
S", Sprlce: 

I 

// kill object 
urtseL ($clienL): 

?> 

The soapelient con.stmctor take.s a server tiKI. as its 
argiimc?nt. Having ihu.s iniliaiized the seiver object, I pas.s 
to the call metlTod the name of the function I want 
(get!Tice), the necessary parameters (ihe array containing 
the ISBN siring io look up), and the recjuired melhcvd 
namespace: iirtxxmethods-BNPriceCheck. 

M'lie paianieter.s for .soapdienfs call method are: 
function name, para meter array, and three optional ones: 
namespace, SOAPAction. and an amiy of headers. The 
definition for llie server will specify which, if any, of the 
optional parameiers art: necessary. The Barne.s 8^ Noble 
Price Quote server requires a method namespace definition 
(iii n:xniethods-RNPriceCheck) hut no SOAPAction or SOAP 
headers. Infomiation alxjiit what this seiver offers and what 
it requires was gleaned from the server’s listing 
(httpr//xmethods.netyve2/ViewTisting,po?serviceid=7) on 
XMethods’ (http://xmerhods.net/) index of SOAP ,servers. 
(This particular .server hapf^ens to lie hosted by XMethods, 
liut the index lists a wide variety of seiv^ers, regardless of 
host.) 


92 November • 2004 


VmWMACTECH.COM 





The call method of tlie client performs the SOAP 
transaction and returns the content of the server's 
response to the $ price variable. The script checks for the 
presence of which the server returns if there was 

an error in the transaction. If the $faiilt variable is set, the 
script outputs the error information. If ihere isn’t an error, 
it cfiecks to sec if the price returned is -1, which indicates 
that the requested book was not founcL Otherwise, the 
price data is printed. 

A Closer Look at the Transaction 

The acliial XMl. message sent by the elieni to the 
server It^uks something like tliis' 

< SOAP-ENV:Enveiope 

xmlns: SOAP -ENV^"http: i / schemas. xiiiisoap. org/ soap /envelope / " 
xnilnsixsi“"http;//wvw.¥3*org/2001/XMLSohero3^instance” 
xinln s: xsd='* http i / / WWW. .0 r g / 2 0 01 / XMLSctienva ” > 

<SOAP-RNV:Body> 

(ns I: getPrlcc xml ns: rs rxmfithods -ENPricpChetk'’ 

SOAP 

ENV T encoditigSty le='’ht I p r / /schemas * xmlsoa p, o rg/soap/ cncod i ng / ” 

> 

<isbn xsi;type=''xsd:striiig">0385503954</isbn> 

</naltgetFrice> 

</SOAP-EM!Body> 

</soap-ENV:E nvelope> 

The Envelope tag contains pointers to the global 
namespace definitions. It also inchides pointers to the 
SOAP envelope schema ho.sted on xmlsf>ap.org and to the 
W3C’s XML scliema definition, Tliese tell the seiver wfiere 
it's getting definitions for the various XML tags that it's 
using. The XMLSchema class (which is, as of ihrs writing, 
only experimental) can be used to WT>rk with aspects of 
the XML schema. 

the schema definition is set aiitt>matit:ally by NuSOAP io 
[tUp://www.w.3x)i>;/2f)O l/XMLSchenia. If you wish to change 
this, you must set the $XMLSchem:iVersion gloW^l variaL^le: 

$XMLSche]iiaVersion = 'http://ww.my.org/MYSchecoa/': 

Detailed discussion of the ins and outs of the 
W3Cs XML schema can be found in O’Reilly’s bcx)k on 
I he subjcxi, 

Witliin the Envelope tag is the fiexly tag, which contains 
the body of the message. Its attribules are determined by the 
parameters of tlie function call. The name of tlie remote 
metliod, tlie method namespac'e, and the actual content of 
the message—die ISBN string—^are set by the client scxipi. 
NuSOA!^ auiomatically detects the variable type and 
incoiporates die type iximespace (xsd ^string) in die isbii tag. 
If a SOAl^Actioii had lieen .set in the .serript, that w'ould appear 
as a SOAl^Aclicm HITT header. 

The encoding style is set by default to 
hTtp://sdiemas.xnilsoap.ojrg/sr>ap/en£Xxling/. Tliis is pre-.set 
by NuSOAP as ihe SOAP-ENC eleineni of llic public airay 


called ruimespaces. 'lb change it, simply include a line in 
your scxipi like: 

$tiiinte EJpac e s {S 0AP - EMC] = ' h L t p; / / my. s pec ia 1. e nco d itig': 

Tile same technkiuc^ cran lx» used to change other 
natnes[iace values, ii' necessary. The keys of the namespaces 
anay am SOAP-ENV, xsd, xsi, SOAP-ENC, and si, 
corresponding to the namespace TiRIs for the envelopt! 
sc:hema, the XML schema definitic^n (ecjual to 
SXMLSchemaVersion), the XML schema instance, the 
encoding style, and the SOAP interopelability test URT, 
respectively. Tlie default seidngs for diese should not need 
to lie changed under otdinary circTinistances, 

I'he server's XML response to the rectuest looks like this: 

< SOAP-ENV:Env elope 

mins:SOAF-ENV-'http://schemas,xmlsoap,otg/soap/envelope/" 
xmlns: xs i-'http: / /www. w3. org/199 9 /XHLSoheas - instance'' 
xralns:xKd="http://www.w3-org/1999/XMLSchema") 

<SOAP-RNV:Bo(iy> 

<ris 1: getPriceResponse xml ns: ns I'■"urn: xmethods-BNP rice Check" 

SOAP 

KNV:encodingstyl£?="h L Lp r//schema s,xmlsoap,o rg/soap/encodirg/"> 
<retui:n xsi: type="xsd ioat''>l4. t3</return) 

</nsl: getFricekeapcinse) 

</SOAP ENV:Body) 

</SOAP-ENV:Envelope) 

The envelope is pretty' niudi the same as that of the 
request, thoLigli you’ll notice that the sewer uses an older 
XML schema than the clienL I’he Inxly is also similar: the 
method namespace and the encoding style are die same. Hie 
nsl package tag has Response appended to its name now: 
<ns1:getPriceResponse>, And wlitxe the rc<iue,si had an 
elemeni called isbn, here the core of the response is called 
letum, and die data ryjx" is specified as float. PHP is weakly 
typed, so NuSOAP assigns variable types automaiically. 

Conclusion 

NuSOAP makes working w'ith SOAP very easy by 
automatically handling the complexity, although it also 
provides a fair amouni of access to the llexibility and 
nuance underneath. The call method of the soapelient 
class and the register method of the soap_server class 
do a lot of work that many other SOAP implemcniaiions 
make you do by hand. NuSOAP offers some access to 
the underlayer now, and will allow more as 
development proceed,s. 

To learn more about the details of working with 
SOAP, refer to the SOAP specification 
(http://wwww3.org/TR/soap 12-parlO/) and the APT 
documentation that comes with NuSOAP. If you 
encounter a specific question about how^ NuSOAP 
handles SOAP transactions, h can be helpful to look at 
the nusoap.php file, wfiicli is clearly organized by 
class and decently commented. Going to the source, 
as it were, should answer most c|uesiions. 

'kill 
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By Ryan Wilcox 


Introduction 

rylhon Is ciisy u> use, simple, powerful, und c hoc k-full 
of great modules (similar to AppIeSeripts you load via the 
load script command). Tht* design of the language “just 
niakes sense,” ilie nujdtiles are well ilioughi out, and best 
of all the language has immy similarities to AppleScri[>t. 

Every day it seems 1 find more uses for l^ython than I 
could liave imagined. 1 use: Pyflmn along with BHEdit to 
automate all sorts of common text-based tasks: J liave 
scripts to help me resolve CV^ conflicts, to convert decimal 
to hexadecimal (and lx.ic*k), to enccKle selected text into 
UltL encoded foniiat and more. Python’s readable structure 
and multitude of iiiclitded modules lends itself to quick 
one-tiff utilities, often with less pain than a similar 
AppleScript — at least in tliis author’s opinion. 

In diis aitide HI disctis,s how l^ion and AppleScript are 
similar, and liow they differ, Tlien we’ll walk through an 
example script in lx>th languages. Finally, 111 conciude 
showing hew ycju can use Python and AppleScript 
simultancxHLsIy in your projects. 


AppleScript and Python share many 
similar traits 

Looking at a Pydion .script should be a vaguely 
familiar experience for an A]:)pleScripter - the same 
indented How, and understandatMe syntax. When you are 
creating a Python script you often try out little cfiunks of 
code first, make sure they work, tlien put them in a largei' 
whole — just like you might when adding code to an 
AppleScript. Let’s tackle Uiesc similanties in more detail: 

WhiteH|iace matters 

In AppleScript wiutespace is automatically added by 
tlie compiler so that nested commands (such as those in 
an if, repeat, try, tell, etc) are always indented properly. 
In Python whilespace is also important - in fact 
whitespace tells the compiler that a line or iilock of code 
is nested. When the indentation stops, the blcK'k of code 
has ended. Contra.st tliis to AppleScript’s approach, where 
blocks of code are ended with end statements, Tlic key 
difference with Python is that it does not automatically 
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add whitespace as AppleScript does. This isn't as much of 
an issues as it sounds, as most text editors auto-iiident 
when you type a return. It’s worth mentioning here that 
statements that mark a block of code (such as for loops, 
if statements, and even functions) rct^uire a colon at the 
end of the '"parent’" line. The sanif^le scxipi piesenied later 
in the article shows several indented 1 blocks of code. 

Having whitespace matter is both a good thing and a 
bad thing. The good news: every Python script yoti run 
into Will have a similar style, indentation-wise, 'The bad 
news: the compiler will complain if you mix spaces and 
lairs to indent, and it\s annoying to have to debug 
something you can't see. For this reason using a text 
editor that can Show Invisibles is so very iiiipurtant 


^build a.s you go” 

Both AppleScript and Python make it easy to 
construct big scripts out of externally created 
functions. Consider a script ihai needs to list all Llie 
files in a folder. With AppleScript you can create a 
blank script and start experimenting, and w4ien you 
have it working incorporate it into a bigger script. 
Python also has this ca pa In lily: taking smalh bLiilding- 
block pieces and constnjcling big things wdih them. 
Python also has an interactive mode, so you can try 
something oiiS to see if it works, and when you are 
satisfied that it works, paste it into your main script. 


A Tale of two languages 


The advent of OS X brought with it a wealth (some might say invasion) of 
tools from the Unix world; the command shells, grep, sed, Is, cat, less, vi, 
emacs - all these utilities and countless others. It also brought with it 
programming languages - probably the most popular one being Perl. OS X 
10.2, however, added to its repertoire a scripting language called Python. 


(maybe even a requirement) while programming in 
Python. As a sidenotc, in cross-platform scripts, using 4 
spaces to indent is recommended over using a tab, as 
spaces are not so easily mangled by unsavwy text editors. 

“simple'" syntax 

Python’s syntax is v^ry straiglitforw^ard, and often 
compared to pseudo-code. For contrast, kK)k at tiie 
sample script later in this article, implemented first in 
AppleScript, then in Python. The l^hon version, while it 
is iioi as readable as ilie near-Englisli AppleScript, reads 
like English plus a bit of 8th grade algebra. AppleScript's 
approach of English-Like-Syntax-WherevenPossible often 
results in extra typing. Compare if you will AppleScript’s: 

se t end of myList to “the end” 
to Python * s: 

myt.lst. append ( “the end'*) . 


Python is not AppleScript 

For some, the appareni si m i lari ly stops tlierc. 
Python brings its own unique flavor to the language 
party, differing from AppleScript in some key areas: 
cross-platformness, case sensiiiviiy, and Pytlion’s 
(significantly) different approach to types are some of 
w^hal make Pydion a unique scripting language when 
compared to AppleScript. 

Python is Cross-Platform 

Python runs on most major platforms - both 
flavors of Mac OS, Windows, Linux, Unix, even the 
PalmOS. Much of Pythtm’s functionality knows what 
platform a script is currently running under, and 
adjusts platform specific things. For example, the 


MACmCH 


Python For Appl(Scr(ph:rs 95 






linesep attribute of the os module will return the line 
separator ciiaratlerCs) for die eurreni platform. There 
are certain times when you want to use a plaiioriri 
specific API, and thaPs perfectly acceptable as well. 
One Python rule of liiiiml’) is ' We’re all consenting 
adults here/ meaning that the language woiTi try to 
prevent you from doing something potentially 
''naugfuy" if you warn to. 

Case Matters 

In AppleScript, the compiler changes the case of a 
variable to be the same as the first instance of tliat 
variable. So, while case matters, the compiler takes 
care of it for you. In Python case also matters, except 
there is no automatic correction — what you type is 
wlvAi you get. 

What do you contain? Types Matter 

As any experienced scripter knows, AppleScript 
plays fast-and-loose with type. Sometimes you can't be 
sure exactly whal you wit! get back. This has its 
advantages as well as its disadvantages. Take this line 
of AppleScript for example: 

Hst f i rstNum t q "O' 

set tesiiVar Lo firstMum 1 

If you know that firstNum can always be converted 
into number, this works great - it saves everybody 
some typing. But here's the puzzle: what is testVar? Is 
it a string? A number? Without a specific declaration, 
AppleScript will auLomalically coerce all of the values 
to the same type, but the question still remains: what 
type of object will you end up with? (To tliose of you 
who answered that the result will he a numbei; go to 
the head of the class.) Ilow^ever, as scripts grow in 
complexity, being explicit regarding what type a 
variable is l)ecomes esseruial - you end up almost 
fighting the im]>Iicit coercion you used (and loved) 
with your smaller script. 

WitJi Python, there is no implicit coercion - 
instead, variables have a very strict sense about what 
type they are, and what they can do. (For those of you 
versed in programming terminology. Python is 
dynamically, but strongly, typed. You can create a 
variable without caring what type it will be, but 
Python keeps track of wliai kind of data lit at variable 
currently has in it. nere is that same sample in Python: 

teatVar ^ intCTM I l 

This is how' Python does coercion - instead of 
AppleScript's as xxxxx notation, Python uses xx:xx(), 
as C/C-H+ does. Trying to run + t in python will 
give a runtime error^ as you can not eoneatenate \sLr’ 
and 4nt' objects. Python has no idea what to do (it 


could do two things: cast “I” to an Integer, or cast 1 to 
a string. One answer will result in 2, while the other 
gives Ti"). One t)f the guidelines (Zens) of Python 
says: ^‘When faced with aml>iguity, resist the lemptation 
to guess." 'file “Zens of Python" guide both the 
developmenl of Python as a language and provide a 
good framework for writing your own scripts and 
modules. To read more about the culture of Python, 
and the Zen/Design Principles of Python, visit the 
following URL: http://www.python.org/dev/culture.html 

Batteries Included 

Like AppleScript, Python has a .small core language, 
while external modules provide additional 
func:Lionality. In AppleScript, these external modules 
come in the form of Scrijiiing Additions and Scriptable 
Applications (created by Apple and third parties). 
There are a few Scripting Additions that come 
preinstalled with every Mac OS Installation (Standard 
Additions, URL Access Scripting, Image Capture 
Scripting^ among others), and several of the apps that 
come f)reinstalled arc scripiable. All ScripLahic 
Applications and Scripting Additions are written in 
languages like C/C++ or Olijective-C, In Python the 
focus IS not so much on applications as it is on 
modules - collections of Python routines or objects, 
usually written in Python, that perform certain tasks. 
These modules are similar tn style to AppleScript’s 
script libraries. While some Python modules include 
C/C++ code, these seem to be the exception, rather 
than the rule. Python comes wiih a huge collection of 
mtjdulcs called the Standard Library, so instead of 
asking the PindeJ' for the size of a file, you would call 
a function in the Standard Library. 

ITS in the doc s 

In AppleScript, iliere i.s always some human 
readable documentation: the dictionary of the 
application or scripting addition. Sometimes the 
tliciionaiy is not enough hut it is always there, on your 
mad line. When 1 am writing AppleScript, 1 always liavc 
at least one or two clictionaries open, referring to them 
as I write my script, like a cheat-sheet right there on 
my desktop. 

Python, on the other hand, takes more of a “reference 
honk" approach to documentati<m - it is available in a 
nunrihcr of different formats, (downloadable from 
liiip;//python,org), liut like any reference book, you hope the 
docimientation is up to date, complete, and that it describes 
the method you want to use. There have been several utilities 
wTinen to reduce the risk of these mistakes in the 
documentation happening, and the Python documentation is 
usually of higli cjuaiily. Still, the possibillfy of out of date 
documentation exists. The Mac Pytlion IDE includes a 
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module browser, letting you explore differeal modules like 
you do an AppleScnpr dkrionary, hut it’s often not as 
lielpfuL As mentioned before, most Python mcKiules are 
coded in Python itself, and you can usually view the source 
code for a module, trying to figure out what a function 
actually does. 

The standard Python practice is to add a string literal 
descriliing The function and parameters it rakes as the first line 
of the function. This string is called a Vlocsrring.” If you view 
a module in the Mac Python IDE’s Module Browser, this string 

will be described as_doc_(pronounced “under under doc 

under under’;) - however this __doc_string is what is 

rendered for the documentation - meaning that if the 
documentation is poor, the_^doc_will probably be as well. 

Here’s an example of a function with a docstring. Bui first 
it is also important to note Python's string lilera] functionality. 
If you have a character in a siring literal that you would 
ordinarily have to escape, for example a quote character, you 
can instead Iriplc-quotc the string litcTal - the string is 
considered everything enclosed in triple quotes (“’’'Tin in 
triple quotes”””, for example, Is a perfectly valid suing literal.) 

def addVal UGS C vai ijc I , 

''“"addValues adds Lwo numbtirs. Simple. Viiluel is 
liiG first value Lo add, valued Is the second, ReLuriiH 
these two values added together'"”' 

return (vaiuel + value2) 

riiis Standard practice is a great practice to adopt for 
your own methods. Adopting this documentation convention 
will help you remember what a funcittjn does, why you need 
it, and what the parameters do when you revisit the function 
at a later date. AppleScript is without such a standard 
practice; everyt?ody has tlieir own styles of documenting an 
AppleScript method, if they do it at all, 

An IDE and an example: 

Kicking the tires 

Python makes a great multi-puqjosc language. Internally 
we use it from everything from creating shell programs, to 
making HBEdit Unix filters, creating throw-away one-time 
scripts, or designing custom CGI scripts for our clienis. You 
can even use Python in conjunction with Apple's Cocoa 
application framework u.sing PyOhjC. With some arldittonal 
modules, you can use Python just like you would AppleScript 
- to display simple GUIs, talk to other applications, and do 
other user admtni.stration tasks. 

Starting at the beginning: Installing a GUI friendly 
Python 

While you can use Pyllum on the command line, the 
command line program gives you everything you would 
expect from a Unix ba.sed took no GUI capabilities, no IDE 
and no graphical debugger In short, it's not the best 
environment for Mac people who are used to such niceties. 


In the pre-OS X days, a Mac OS 9 version of Python, 
including an IDE, was provided by Jack Jansen, 'f he IDE and 
all ihe Mac .specific modules from those days still work 
under OS X, but their appearance has not been updated for 
OS X. I'hose looking for prettier IDEs on OS X shouldn't fret 
- there are several ihai show' promi.se, but as of this w'dting 
most are still in the early stages of development. 

You can download the MaePython package at 
htlpr/Zhomepa g es.cwi.nl/-ja c k/maepython/ 

This package will install the PyllionlDE application 
(found in your Applications/MacPython-2,5 folder) along 
with .some other things. Double click on the Python IDE 
and you should get something similar lo this: 



Got it? Does it look something like this? Good. Let's go 
to work. 

A simple iUustraiion, line by line 

Let’s .start things off with a simple example - a .script 
that accepts ii.ser input and appends it to a file. It shoukl be 
noted here that simple AppleScripl display dlaiog like 
interfaces aren't Python’s strong suit. While the MaePython 
package helps, it's still not as easy as Appje.Script’s display 
dialog. This (and ioter-applicalion communication) arc two 
of the things that Python does poorly, however there are two 
packages currently competing to become the de facto 
standard for inter-application communication in Python, .so 
the tide Cat least on that front) .should turn rather quickly. 
First, the AppleScript; 

set fliepath to choose file with pronipt “select a file to 
append to" 

set fileRef to open for access filepath with write 
permissioti 
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repeat 

set dialo&Result to display dialog “enter a line" 
default answer "'line" buttons ”• 

I^No More'*, ^^Enter"! default 'button 2 

if button returned of dialogKesult Is "Knter“ then 
set textReturned to text returned of dialogResult 
write textReturned return to fileRef 
else 

exit repeat 
end if 
end repeat 

close access fileRef 
Now, the Python: 
import EasyDialogs, os 

filepath ^ EasyOialogs .AskPiiePorOpenC*‘select a file Co 
append to"J 

if filepath: 

fileRef = open (filepath» ’vr') 
while True: 

textReturned = EasyDialogSH AskStt:ing( 

prompt = “enter a line", default = “line". 
ok="Enter”* cancel = “Wo more") 
if textReturned: 

fileRef.writs(textReturned + os.linesep) 
else: 
break 

fileRef .closed 


Let’s Take the Python sample line by liner 

import EasyDiaiogs, os 

As mentioned before, Python organizes sets of 
functionaliiy into modules. Impon loads tliese modules into 
your scripi. Here we import bodi tlie Easy Dialogs module (a 
Mac specific module) and the cross-platform os module. 

filepath “ EasyDiaiogs.AskFiieForOpeii(“file to 
append 

to please") 

This line calls the AskFileForOpen method in die 
CasyDialogs module, which will ask the user to select a file. 
By comparison, AppleScnpi searches all of the installed 
scripiing additions for you, looking for die command, and 
sometimes it “helpfully” Finds the wrong one, This is what 
often causes a terminology conflict. If AppleScript rec|uired 
you To specify wlierc to get the terminology frcjm, you might 
have to write something like set filepath to standard 
addition's choose file %vliicli may be more b^ping, biu would 
remove any potential anibiguily. Sadly, AppleScript does not 
support this style of reference. 

if filepath: 

In AppleScript, if the user presses cancel in a choose file 
dialog, AppleScript raises an error and terminates the .script 
{unless you handle die error in an on ernir block). Python's 
AskFileForOpen function does no such thing - it just returns 
None and keeps on executing the script. We must explicitly 
test the value of filepath for its existence (filepath would be 
None if the user pressed the “Cancer liuUon on the dialog). 


In Python variables that are None are simply considered 
false. Truth in Python is a tricky thing, but best explained by 
the following web page: 

http://www.users.Gbsju.edu/-dusena/pylhon/fundamentais/node10.htmL 

fileRef = open(filepath. "w") 

Again, similar looking to the AppleScript - open the file 
at filepath with write permission.s. 

while True: 

Here the a fore mentioned Zen of Python “when faced 
with ambiguity, resist the temptation to guess" returns. The 
above line shows how deeply this statement is ingrained in 
the Python culture. The equivalent AppleScript statement is 
just “repeal” - to which Pythonista,s would ask “repeat 
what?”. Here Python explicitly says “do the following as long 
as this .statement is true”. The True must be capitalized - 
True nieaas true, while true means nothing. Got it? Good. 

textReturneJ = EasyOialogs.AskStrlngt 

protnpt “enter a line", default = “line". 

ok="Enier". cancel = "No more”) 

By reading the documentation I found this method, and 
figured tmt wiiat parameicns u> pa.ss to ii. These parameters 
are self-explanatory, but it did take a bit of hunting in the 
documentation (and maybe even a read of the source) to 
learn exactly how to con,sirucl thi,s line. 

if textReturned: 

Here again we test the value of text Relumed - if it 
contains anything, the if executes. Same a.s the if filepath line 
above. It is worth repeating that lines that begin blocks of 
indented code, such as this line, need a colon at the end. 

fileRef.write(texLReturned + as.lincsep) 

Here wc write the text the user entered, and a line separator 
(of whatever platlunn we’re on) to the file. As mentioned tefore, 
os.linesep will return tlie end-of-line charaaeris) for whatever 
platform ihe script is on. 

else: 

break 

Hctc we comv to the end <jf tlie if textRetumed block. If 
textReturned is None, as belabored in more detail above, the user 
pre.s.sed the cancel button - we should abort our while kx>p. 

fileRef.close() 

Always dc^e our llle - in tliis case, by ailing fileRef object's 
do.se0 melhfKl, Note the indentalion level of tills line - it Ls on tlie 
same level indentation wise, as tlie while statement. This signals tlie 
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end of die wliile loop - die indentation level changed. While diis 
was mentioned previously in die article, in die 'Whitesjiace ntiitteni'' 
section, it deserves repeating here. 

Two Worlds Collide: AppleScript, 
meet Python 

Hven il you don't want to use Pydion as your main scripting 
language, you am slowly move parts of your AppleScripts into 
Python - for insLince having your Python scripts do tilings that 
are hard to do (or slow to do) in AjipieScript, but easy in Python. 
Here's an example that will find a string inside a string (or return 
0 if it does not). Tins task is easy to do in AppleScript (using the 
offset of functionality), but it can be very slow. Instead of using 
offset of we use a Python script to do it. 

Python script: substrpy: 

/uf5r/b In/cnv python 

#flrsr line tells us where to find python* 

# character means the rest of the 
#line Is a coMnent. jtet like AppleScript *s — 

import sys 

find Word = sryH.argvtl] -ffgai the flrsi coinmand line 
argument 

ihcjsirljig sys.argvf2] #geL the string 
Tint thestring.find{findWord) + 1 

AppleScript strings start at I, python's @ 0. Adjust 
the answer for AS. 

Create the above Python script your favorite text editor, 
and save it. Make sure the line ending.s are set to Unix line 
endings, just to be safe. 

Now, create itic following AppleScTipt, and save it in llie 
same folder as the above Python script, in Application format. 

on run 

display dialog ( "world has been found at character: " 

& pythonSubStr("world"hollo world") ) 
end run 

to pythonSubStr [t oFlnd , theString) 

set my Container Lo geLCouLaiiierofMeO 

set myResult to do shell script "python “ ft 
rayContainer 

S "substr.py " & " \"" & toFind & \"" A 

thoStrlng k 

-tell python what script to open up, and whaL params 
to pass 

-also note that the quotes we put around both strings 
are to prevent the shell from 

-breaking them into lots of different arguments (the 
shell sees a space 

- as an argument separator) 

- this is usually not what we want to do. These will 

be removed 

-automatacally by Python* 

return myResult 
end pythonSubStr 


on getContainerofMeO 

tell application "Finder" 

set desL to path to me 

set Lemp_ctintainGr to container of dest as alias 

return {quoted form of POSIX path of terap_CQntaliier) 
-POSIX = Unix path 
end tell 

end getContainerofMe 

However, it'*s worth noiing here ihai do ?>he]l *scripr on my 
test machine (4()0Mhz Powerbook G4) takes aixiut .5 second*s to 
exec Lite. This is not because Python i.s slow, hut lather do shell 
sciipl can lake a wliile lo do iUs mitialixalion and lerminarkm 
routines* This slowmess, how^ever, may just bait out a vanilla 
AppleScripi using offset of, depending on the data. 

Using Python, you can sometimes build fimclionality into 
your .scTipts that normally woiiki require thiid paity OSAXen in 
AppleScript. Complex string manipulations, regular expressions, 
even sending email* Using do shell senpr to merge AppleScript 
and Python code might just provide that extra oom[)h for your 
scTipt, or may jiist speed up your development process. 

Conclusion 

With it's familiar-fecriing language, cross-platform abilities, 
large standard library, and simple, readable syntax, you niiglit 
find PsThon an intere.sting choice for your next project - even if 
it’s only a piiil of iu Fee! free lo expeiiment vviih the builidn 
Python inteq:)ietei. Fire up Temiinal.app and enter the coimiiand 
python to l>e taken into the coimnand line Python's interactive 
mode (ConUx>l-D Lo gel oui). For ihose of you of the Gill 
persuasion, see the Python Interactive window in ilie Pytlion IDE. 
Learn more about Python liy visiting the Pyihon website at 
hUp://ww^w.pyihon.ofg, in paiiicular the Introducrion .section 
(hrtp://www .p\thon.oig/doc/lntros.hiin]). 
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Kerio Mail 
Server 

The best groupware server on Mac Os X 

Welcome Kerio 


If you \tK)k m the pl;rtform rliere 
aren't many choices at all. Now and 
Meeting Maker don't inlegnite with any 
other clients on the Mac. If you have 
linux clients, then the only way to use 
Now is via a web interface, and 
Meeting Maker requires Windows for a 
lot of its higher end functionality. 
Oracle houglil Sieltor to get Corporate 
1 line, but that recjuires a separate client 
for calendaring, and it's a pretty ugly 
diem, even thtjugh it has fantastic 
functionality. 

Stalker Software's Commiinigale 
Pro can oniy talk to iCal on the Mac. 
You can get lietter groupware 
functionality out of it, but only for 
Outlook on Windows. Communigate 
has issues with talking to Open 
Directory, or any directory server 
other tlian the one they ship with it, 
and recent price increases have 
effectively relegated that product to 
the liigli end market. Apple doesn't 
even have any kind of calendaring 
server at all, and from what theyVe 
released for information on Tiger 
Server, they aren't going to have one 
in 10.4 either. 


How ever, i here's a not iter, albeit less well-knowm 
elujice: Kerio MaiLServer 6, from Kerio, 

httpr/Vww^w.kerio,com/ . While I haven’t had a chance 
to heat on it over a long icnn, or in a large-scale 
irnplcmeniaiion, what 1 have seen is very nice. 

Installation and Initial Setup 

Installing Kerio MailServer 6 ts as simple as 
installing almost any other produci. You run the 
insLaller, answer the questions in the wizard and you 
have a server This is not to say you don't need to 
knt)W what you are doing, hut ihai Kerio has done the 
extra work to make getting the product installed and 
running as simple as possible. Yes, yes, a good admin 
shouldn't need it, hut I appreciate it wiien a product 
doesn't rcc|uire me to pass tlie labors of Hercules ju.si 
to get it in.stalled. 

ilie admin interfac'e is logically laid out and easy to 
use, even over Apple Remote I>esklop. It's designed so 
tliat you can do the simple stuff easily, while not keeping 
you from the low level features you sometimes need. 

One major bonus is die Ofien Directory integratfen 
features. This is a separate installer that you run on your 
Open Directoiy Master, which adds .some Kerio - specific 
entries to your LDAP direclory. This allows Kerto 
MailServer to pull user data and authentication 
infonnation from an existing Open Directory setup, which 
allows you to keep your user infonnation in one place. 
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O ne of the biggest holes in Apple’s Server offerings is in the realm 
of groupware. Apple gives you a solid email server, so-so network 
address books, (Open Directory has real issues with the kinds of 
things you need for Address Books), but no calendaring or scheduling. 


Kcrio can also Lie irUo ilie Kerlicros support in Open 
Directory, allowing it to participate in the Open 
Directory Single Sign On environment. So, if you use 
email/calendaring clients that support Kerberos, such as 
Mail, Hudora, or Mulberry, and your client Macs are 
MCX clients, Uien your users authenticate to Kerio when 
they log into their Macs. Single Signon does not suck. 

Configuration 

'I'here are two primary tools for configuring Kerro 
MailServer; the MailServer Monitor application and the 
Administration Console. The MailServer Monitor lets 
yon start/stop the MailServer and open the 
Administration Console. It has a nice Dock menu for 
these tasks, as seen below. 

✓ □ KariQ MailServer Monitor 
Stop MiiiiSoiver 

Unlock 10 allow changes 

Ryn AdrnmstraUon Console 

Show In finder 

Hide 

Quit 



Kerio MailServer Monitor Dock menu 


O Kerio MailServer Monitor 

Kerio MailServer is running j 

Stop ^ Stop Kerio MailServer . ^ j 

O' ■ 

(i) Click the lock to make char>ges. 


Kerio MailServer Monitor application 

Ttiis brings me to my Inggest cxmiplaint with Kerio...it 
pkices its staitupitem in /System/Library/Startupilenis/ and 
not /ybrary/Sianupltems/. ITiis is in general a bad idea, since 
like a kA of folks, I don’l track lhal directory up, sinc^ ifs 
easily restoted from original media, and only Apple shoukl 
Ixi* playing in there anyway. ’lliLs should prol:)ably get fixed 
sooner tfian later. 

'Ihe Administnition Console is nicely designed, with 
all the features of the MailServer clearly lalTeled and easy 
to find. Spam is handled via standard SMTP relay .settings, 
and subscription to various blacklists. MailServer ships 
With the four or .so most popular blacklists, and you can 
add your own. You can also limil things like number of 
mes.sages per hour from a single IP, number of concurrent 
SMTP connections from a single IP, harvest attack 
methcKis, and so on. MailServer ships with McAfee's 
antivirus engine, but can use external tmee, such as 
Sophos if you so desire. You can easily set up attachment 
fillers, and the actions you want to take when a virus, or 
bad attachment is encoLincered. 
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The individual service.s MailServcr provider can be 
enal>lecl or disabled as you need, and set to aiitoniatically 
Stan wlicn ilie MailServer launches if you like. 



Kerio MailServer Administration Console 


As I noted earlier, Kent) .siip{>orLs using botli Active 
Directory and Open Directory for user authenticarion and 
LDAP services. This allows you to keep your user 
databases in one place, and not have to replicate user 
crearion/deieiion/changes/ctc. between multiple user 
databases. The implementation is rather simple. You 
install the Open Directory adapter on the Opett Directory 
Master, point MailSeiwer at it, set u[) your Kerberos Realm 
information in MailServer and then add the asers. Ir s five 
clicks to add the users in yottr Opt;n Directoiy domain. 
The same applies for groups as well. Again, while an 
experienced email administrator can do all of this 
manually, having a well thoughi-oui DT for this makes 
dealing with MailServer mucli nicer, and that's, well, nice. 

Kent) sup|)orts all the major authentication schemes, 
such as SSL, Kerlieros, CRAM-MDS, and NTLM, so using 
MailServer securely is as simple as telling MailSeiver what 
to use and how to use it. 

Client setup is like any other. You tell your ctrtail client 
what seiver to use, set up your auihentication ryjx% enter 
your usci’ ID and passwonl (if you aren’t using Kerlxros), 
and you're set. If yoti want to use Hntoumge (v.X and 2001) 
or Outlook, Kerio’s manual has the spccillc insiructiorLS on 
Itow to .set Lhi.s u|:i, and they work nicely. For Outlook, Kerio 
f>rovides a MAPI connector, and hnToiirage ti-strs HTTP-DAV, 
which is also itsed l>y Outlook and FvoiuUon. 


No, you aren’t going to perfectly replicate an 
Exchange server, but if you need 100% of Exchange 
features, youVe using Outlook and Exchange, period. But 
for 90M) of cotmnon groupware needs, Kerio can handle 
it with ease. 

From my own tests, and looking ai other lc.sts of 
email servers, Kerio should have no problems 
handling email and groupware needs for almost any 
size of client base. 

Conclusion 

This is kind of a Itir and run review, but sometimes 1 
don’t have the six months to a year I like to test such 
things. While there is still desperate need for more* 
choices in groupware servers for the Mac, the fact is, diat 
if we only have one real choice, having that choice be 
Kerin is not Llie woi-si tiling that can happen. Kerio has 
wisely chosen to implement groupware supptjit in such a 
manner that yon can use existing groui)ware clients in 
your enterprise, and still get maximum benefit. It has a 
seiLif) and configiiration that are so well de.signed and 
easy to ii.se that they should be copied everywhere, and 
a manual that is as welL writ ten as any one I’ve found. It's 
rare ihai I can solve every problem 1 have with .setting up 
a product with nothing more than the shipped 
dcKLHiientation, and it’s really sweet when a company 
lakes live lime and effoit to make this happen. , ^ ^ 

'.'ill 
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Transpod FM 

In last year’s gift guide, I talked about the first version of the 
Transpod. I loved it. It was my favorite iPod accessory. The 
folks at Digital Lifestyle Outfitters (www.everythingipod.com) 
earlier this year released their second version of this all in one 
transmitter/charger for iPods with docking connectors. It is 
my new favorite. 



This device eliminates the clutter of having 
separate things to charge, transmit and hold the 
iPod. No wire to tangle, nor extra bits to lose. 
Nothing but one thing to do it all. The Transpod FM 
plugs into the cigarette lighter of your car. The iPod 
slips into the device from the top (any iPod with a 
docking connector will fih. 

It comes with several adapter arms to allow 
you to place the main body of the device at 
whatever location you prefer. If you’d rather attach 


the Transpod FM directly to the dash, there is a 
mounting bracket, and a power extension cord 
provided (although I cannot envision screwing 
anything into my dashboard). 

One of my only beefs with the first version 
of the Transpod was that it could not swivel left 
to right. DLO has, at least partially, resolved that 
issue. On the longest extension arm, there is a 
swivel mount. If you don’t need to use that arm, 
however, you are stuck with your iPod pointing 
straight back. That's about it as far as 
complaints go, though. 

The device is v@y well built, with solidly 
constnicted plastics. It has a direct outeut jack for 
car audio systems that can handle that. The FM 
transmitter is by far the most powerful of any I 
have tested thus far. DIO accomplished this by 
designing, and building their own circuitry instead 
of dropping off the shelf components into the 
Transpod FM. The transmitter is controlled by a 
digital tuner, eliminating the problem of drift analog 
tuners can experience. 

If you or yours listens to tunes while on 
the road, there is no better way to go than 
this gadget. $100. 
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Some things... 

Are too good 

to leave 


Hey Guy®' 

Get' Revolu^^'U” 




■rue Corpora^’" 


It'll take y®u ^ 


pest wisli®® 
Cecil 



Introducing 
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Dreamcard" 


Dreamcard: build it Softwaie det^n 

mM ^ riinmi ng 


iMj (tiiwrtti' •«4iii Mm for tile re^ a4 us 


Introdudfig 

Dreamcard: build it 
Software design & programming 
for the rest of us... 

■ Make multimedia, games and applications 

■ Learn and teach how a computer really works 
’ Make professional-looking software - easily! 


Just released - 2.5 

Revolution: develop it 
Application design & programming 
for professionals... 

' Prototype & design using rapid-build toots 

• Develop directly in a runtime environment 

• Create multi-platform 
standalone applications - easily! 


Revolution 


Apphcaiion 

dfstgn 

[KOgt.irrrniin^ 
for proFeSs 


Revolution: develop it 
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''Makes programming far easier than any other programming tool on the market” 

Computer Power User, April 04 
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